|
|
@ -17,8 +17,8 @@ container {
|
|
|
|
alpine_secdb = true
|
|
|
|
alpine_secdb = true
|
|
|
|
|
|
|
|
|
|
|
|
secrets {
|
|
|
|
secrets {
|
|
|
|
matchers = {
|
|
|
|
matchers {
|
|
|
|
// Use default list, minus Vault (`hashicorp`), which has experienced false positives.
|
|
|
|
// Use most of default list, minus Vault (`hashicorp`), which has experienced false positives.
|
|
|
|
// See https://github.com/hashicorp/security-scanner/blob/v0.0.2/pkg/scanner/secrets.go#L130C2-L130C2
|
|
|
|
// See https://github.com/hashicorp/security-scanner/blob/v0.0.2/pkg/scanner/secrets.go#L130C2-L130C2
|
|
|
|
known = [
|
|
|
|
known = [
|
|
|
|
// "hashicorp",
|
|
|
|
// "hashicorp",
|
|
|
@ -53,16 +53,18 @@ binary {
|
|
|
|
# (yarn.lock) in the Consul binary. This is something we may investigate in the future.
|
|
|
|
# (yarn.lock) in the Consul binary. This is something we may investigate in the future.
|
|
|
|
|
|
|
|
|
|
|
|
secrets {
|
|
|
|
secrets {
|
|
|
|
// Use most of default list, minus Vault (`hashicorp`), which has experienced false positives.
|
|
|
|
matchers {
|
|
|
|
// See https://github.com/hashicorp/security-scanner/blob/v0.0.2/pkg/scanner/secrets.go#L130C2-L130C2
|
|
|
|
// Use most of default list, minus Vault (`hashicorp`), which has experienced false positives.
|
|
|
|
known = [
|
|
|
|
// See https://github.com/hashicorp/security-scanner/blob/v0.0.2/pkg/scanner/secrets.go#L130C2-L130C2
|
|
|
|
// "hashicorp",
|
|
|
|
known = [
|
|
|
|
"aws",
|
|
|
|
// "hashicorp",
|
|
|
|
"google",
|
|
|
|
"aws",
|
|
|
|
"slack",
|
|
|
|
"google",
|
|
|
|
"github",
|
|
|
|
"slack",
|
|
|
|
"azure",
|
|
|
|
"github",
|
|
|
|
"npm",
|
|
|
|
"azure",
|
|
|
|
]
|
|
|
|
"npm",
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|