matrix/.gitleaks.toml at main

LotusGuild/matrix

Fork 0

Files

T

jared d2983eca23

Lint / Shell (shellcheck) (push) Successful in 13s

Details

Lint / JS (eslint) (push) Successful in 10s

Details

Lint / Python (ruff) (push) Failing after 8s

Details

Lint / Python deps (pip-audit) (push) Successful in 1m18s

Details

Lint / Secret scan (gitleaks) (push) Successful in 5s

Details

Fix ruff binary extraction; fix gitleaks to scan app dirs only

- ruff: add --strip-components=1 to tar extract; the tarball puts the
  binary inside ruff-x86_64-unknown-linux-gnu/ not at the root
- gitleaks: path-based allowlists are broken in v8.21.2 --no-git mode
  (tested down to bare substrings — still fires). Switched to scanning
  only application code directories (matrixbot/, hookshot/, .gitea/,
  systemd/, cinny/, landing/) which excludes deploy/ where the
  intentional Gitea webhook HMAC secrets live. Also removed the
  .gitleaks-baseline.json from the repo (it was flagging itself).
  The .gitleaks.toml is kept for any future per-rule overrides.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-20 16:48:06 -04:00

3 lines

27 B

TOML

Raw Permalink Blame History

	`[extend]`
	`useDefault = true`

3 lines 27 B TOML Raw Permalink Blame History

3 lines

27 B

TOML

Raw Permalink Blame History