Provide option to not listen to "gitleaks: allow" comments that cause secrets to be ignored

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Request

Provide a way for security teams or administrators to disable the use of #gitleaks:allow-type comments, which allow users to ignore a specific secret (see docs).

Motivation

Security teams are unable to track if users are blocking merge requests by adding comments such as #gitleaks:allow. These comments can be added by anyone with write access to the codebase, and can provide a way to evade Scan Result Policies.

Notes

The option to not listen to these comments could be on-by-default in Scan Execution Policies or Scan Result Policies, since those mechanisms are used to achieve control over secret findings.