Secret-Detection Custom Rules - Adding additional rules
Problem to solve
To complete Custom Rulesets for Secret Detection we should provide the ability to append additional rules to the gitleaks.toml
configuration without replacing the pre-packaged rules.
The current custom ruleset support only allows a complete override of gitleaks.toml,
so there is no easy way to keep the pre-packaged rules while adding new ones, e.g. a custom matcher for an individual company's API keys. An override also silently drops the packaged coverage the moment it is used.
Intended users
Proposal
Support [[gitleaks.ruleset]]
definitions that are merged into gitleaks.toml as additional rules
before the analyzer runs, leaving the packaged rules intact; see the similar syntax proposed for property overrides in #235359 (closed).
Example
[gitleaks]
[[gitleaks.ruleset]]
description = "SomeInternalAPIKeys"
regex = '''APIAPIAPI[0-9A-Z]{16}'''
tags = ["internal"]
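The merge step the proposal describes, as an added example that is not GitLab's or gitleaks' own code. It assumes the packaged gitleaks.toml uses gitleaks v7-style [[rules]] tables with description/regex/tags (the same keys as the example above), uses a constructed stand-in for that packaged file, and approximates the analyzer's regex matching with Python's re module so the result can be checked offline:

```python
"""Merge custom [[gitleaks.ruleset]] rules into a packaged gitleaks.toml
without replacing the packaged rules, then confirm both rule sets fire."""
import json
import re

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # type: ignore

# Constructed stand-in for the pre-packaged gitleaks.toml shipped with the
# analyzer (gitleaks v7-style [[rules]] tables); not the real shipped file.
PACKAGED_TOML = """title = "packaged gitleaks config"

[[rules]]
description = "AWS Access Key"
regex = '''AKIA[0-9A-Z]{16}'''
tags = ["key", "AWS"]
"""

# The custom ruleset from the proposal, in the proposed [[gitleaks.ruleset]] syntax.
CUSTOM_TOML = """[gitleaks]
[[gitleaks.ruleset]]
description = "SomeInternalAPIKeys"
regex = '''APIAPIAPI[0-9A-Z]{16}'''
tags = ["internal"]
"""

# Constructed sample input containing one secret of each kind.
SAMPLE_TEXT = """aws_access_key_id = AKIAABCDEFGHIJKLMNOP
INTERNAL_TOKEN=APIAPIAPIABCDEFGHIJKLMNOP
"""


def _toml_rule(rule: dict) -> str:
    """Serialise one rule as a [[rules]] table. The regex is emitted as a TOML
    literal string so backslashes reach gitleaks unescaped."""
    if "'''" in rule["regex"]:
        raise ValueError("regex cannot contain ''' when written as a literal string")
    return (
        "[[rules]]\n"
        f"description = {json.dumps(rule['description'])}\n"
        f"regex = '''{rule['regex']}'''\n"
        f"tags = {json.dumps(rule.get('tags', []))}\n"
    )


def merge_rulesets(packaged_toml: str, custom_toml: str) -> str:
    """Append every [[gitleaks.ruleset]] entry to the packaged config as a new
    [[rules]] table. Packaged rules are never modified; a custom rule whose
    description collides with a packaged one is rejected rather than silently
    shadowed, and the result is re-parsed so a broken merge fails here instead
    of inside the analyzer."""
    packaged = tomllib.loads(packaged_toml)
    custom = tomllib.loads(custom_toml)
    extra = custom.get("gitleaks", {}).get("ruleset", [])
    existing = {r["description"] for r in packaged.get("rules", [])}

    merged = packaged_toml.rstrip("\n") + "\n"
    for rule in extra:
        for key in ("description", "regex"):
            if key not in rule:
                raise ValueError(f"custom rule is missing required key {key!r}")
        if rule["description"] in existing:
            raise ValueError(
                f"rule {rule['description']!r} already exists in the packaged config"
            )
        # gitleaks is Go (RE2); Python's re is only an approximation, used here
        # to reject obviously malformed patterns before the analyzer sees them.
        re.compile(rule["regex"])
        existing.add(rule["description"])
        merged += "\n" + _toml_rule(rule)

    tomllib.loads(merged)  # the merged file must still be valid TOML
    return merged


def rule_descriptions(config_toml: str) -> list[str]:
    """Descriptions of all [[rules]] in a config, in file order."""
    return [r["description"] for r in tomllib.loads(config_toml).get("rules", [])]


def scan(config_toml: str, text: str) -> dict[str, list[str]]:
    """Run every rule regex over text; returns description -> matches.
    Mimics the analyzer only closely enough to show both rule sets fire."""
    findings: dict[str, list[str]] = {}
    for rule in tomllib.loads(config_toml).get("rules", []):
        hits = re.findall(rule["regex"], text)
        if hits:
            findings[rule["description"]] = hits
    return findings


if __name__ == "__main__":
    merged_config = merge_rulesets(PACKAGED_TOML, CUSTOM_TOML)
    print(merged_config)
    print(scan(merged_config, SAMPLE_TEXT))
```

The collision check is the security-relevant part: without it, a custom rule that reuses a packaged description could be mistaken for an override, and the scan over the sample text shows that the packaged AWS rule still fires after the merge, which is exactly what the override-only behaviour loses.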
Permissions and Security
No change to permissions
Documentation
- Document functionality within Secret Detection docs
Availability & Testing
- Add a test ensuring that an appended rule generates findings matching its regex while the pre-packaged rules continue to generate their findings
What does success look like, and how can we measure that?
Rules can be added without altering the pre-packaged configuration or its findings
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Edited by Lucas Charles