From e8a334249d58f9855875b79aa502dd42c1ff25cf Mon Sep 17 00:00:00 2001
From: tAsh
Date: Sat, 16 May 2026 13:42:43 +0530
Subject: [PATCH 1/4] security: add Gitleaks config
---
.gitleaks.toml | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 .gitleaks.toml
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000000..a9b2668a6d
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,5 @@
+# Gitleaks config - extend the default ruleset.
+# Add repo-specific allowlist entries only after triaging confirmed false positives.
+
+[extend]
+useDefault = true
From 5f580463ca4ee32773c08fd619ce123bd8e328a2 Mon Sep 17 00:00:00 2001
From: tAsh
Date: Sat, 16 May 2026 13:42:46 +0530
Subject: [PATCH 2/4] security: add Gitleaks workflow
---
.github/workflows/gitleaks.yml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 .github/workflows/gitleaks.yml
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
new file mode 100644
index 0000000000..e336bb6ee8
--- /dev/null
+++ b/.github/workflows/gitleaks.yml
@@ -0,0 +1,27 @@
+name: gitleaks
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+permissions:
+ contents: read
+ pull-requests: read
+
+jobs:
+ scan:
+ name: scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Run Gitleaks
+ uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 651367062aab78879ad345a695635e92e10bb69e Mon Sep 17 00:00:00 2001
From: tAsh
Date: Sat, 16 May 2026 13:55:38 +0530
Subject: [PATCH 3/4] security: add Gitleaks config
From f2f220eb07fe61c38b1fb1f90e2aedb4a66ab92f Mon Sep 17 00:00:00 2001
From: tAsh
Date: Sat, 16 May 2026 13:55:41 +0530
Subject: [PATCH 4/4] security: add Gitleaks workflow
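Review bot: Both `uses:` lines in `.github/workflows/gitleaks.yml` reference mutable tags (`actions/checkout@v4`, `gitleaks/gitleaks-action@v2`), so whatever those tags point to at run time executes in the scan job with the `GITHUB_TOKEN` that the second step exports. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: gitleaks/gitleaks-action@<full-commit-sha>  # v2`. The Checkout step also keeps its default credential persistence, which leaves the token in the local git config for the later third-party step; adding `persist-credentials: false` under `with:` next to `fetch-depth: 0` should be safe, because the scan only needs to read history. Separately, gitleaks-action v2 documents a `GITLEAKS_LICENSE` secret for organization-owned repositories, so confirm whether this repository needs one before treating the check as enforced.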