Support for more gitleaks default configuration patterns
While trying to add secrets detection to our pipeline, we found that it was letting through some password patterns that I was sure would have been caught.
A couple of examples are:
- `var password = "passw0rd123456"` in a C# file
- `"DBPasswrd": "passw0rd123456"` in a JSON file
Testing these locally with gitleaks, those actually do get caught, so, taking a better look, I discovered that the secrets detection job is using a custom configuration file which is missing a lot of patterns from the default configuration file provided by gitleaks.
Since custom rulesets are an Ultimate-only feature, is there a way to add more patterns to the default configuration of the secrets detection job?
My thought is that GitLab wants to provide a configuration that produces as few false positives as possible, but could some of the rules from the default configuration get ported to GitLab's own? I know there are quite a lot in the default config, but would it be worth migrating the most common ones?
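As an added illustration (not part of the report above, and not GitLab's or gitleaks' own code), the following Python checker shows what a rule for the two escaped cases would need to match. The regex is written in RE2-compatible syntax (no lookarounds), so the same string could be used as the `regex` field of a gitleaks `[[rules]]` entry; the placeholder list stands in for a rule allowlist and is an assumption for this example.

```python
import re

# RE2-compatible pattern (usable as a gitleaks rule `regex`): a key such as
# password / passwd / passwrd / pwd with any prefix (e.g. DBPasswrd), then
# '=' or ':', then a quoted value of at least 8 non-space characters.
PASSWORD_ASSIGNMENT = re.compile(
    r"""(?i)(?:passw(?:or|r)?d|pwd)\w*["']?\s*[:=]\s*["']([^"'\s]{8,})["']"""
)

# Values that are placeholders rather than credentials. In gitleaks these
# would live in the rule's allowlist; this list is constructed for the example.
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx", "<password>"}


def find_password_assignments(text: str):
    """Return (line_number, matched_value) for every suspicious assignment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PASSWORD_ASSIGNMENT.finditer(line):
            value = m.group(1)
            if value.lower() in PLACEHOLDERS:
                continue  # allowlisted placeholder, not a finding
            findings.append((lineno, value))
    return findings


# Constructed sample input: the two cases from the report, plus a placeholder
# and a too-short value that should not fire.
SAMPLE_CSHARP = 'var password = "passw0rd123456";\nvar password = "CHANGEME";\n'
SAMPLE_JSON = '{\n  "DBPasswrd": "passw0rd123456",\n  "pwd": "short"\n}\n'

if __name__ == "__main__":
    for name, text in (("app.cs", SAMPLE_CSHARP), ("config.json", SAMPLE_JSON)):
        for lineno, value in find_password_assignments(text):
            print(f"{name}:{lineno}: possible hard-coded password {value!r}")
```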