diff --git a/.gitallowed b/.gitallowed deleted file mode 100644 index 767a184e6f..0000000000 --- a/.gitallowed +++ /dev/null @@ -1,24 +0,0 @@ -token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"? -github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"? -token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"? -id-token: write ---token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\} ---token=\$GITHUB-TOKEN ---token="\$GITHUB-TOKEN" -"accountId": "123456789012" -accountId: "123456789012" -"account": "123456789012" -account: "123456789012" -console\.log\(`access token : \${access_token}`\) -.*CidrBlock.* -.*Gemfile\.lock.* -.*\.gitallowed.* -.*nhsd-rules-deny.txt.* -.*\.venv.* -.*node_modules.* -self.token = token -.*poetry\.lock.*brotli.*platform_python_implementation.* -password: "" -token: "{{authorization_header_value}}" -http://0\.0\.0\.0 ---host 0\.0\.0\.0 diff --git a/.gitleaksignore b/.gitleaksignore new file mode 100644 index 0000000000..41feae8fd3 --- /dev/null +++ b/.gitleaksignore @@ -0,0 +1,20 @@ +49ee7453e3f8aad31483888945a0af451cecca94:bruno/PSU/Pull_Request_Deployment/Apigee/Apigee_PULL_REQUEST_Notify_Callback.yml:generic-api-key:148 +49ee7453e3f8aad31483888945a0af451cecca94:bruno/PSU/Pull_Request_Deployment/Apigee/Apigee_PULL_REQUEST_Notify_Callback.yml:generic-api-key:198 +4202b41adcbac609aa626b5677dccb92c2141d14:bruno/PSU Collection/Pull Request Deployment/Apigee/Apigee PULL REQUEST Notify Callback.yml:generic-api-key:148 +4202b41adcbac609aa626b5677dccb92c2141d14:bruno/PSU Collection/Pull Request Deployment/Apigee/Apigee PULL REQUEST Notify Callback.yml:generic-api-key:198 +4c0318af471cb340e9f80f5b052bc9ffd96fc8a0:packages/nhsNotifyLambda/.jest/setEnvVars.js:generic-api-key:7 +c5a2eaf8199a2d63d11992703de5100f40e2441b:packages/nhsNotifyLambda/.jest/setEnvVars.js:generic-api-key:7 +06849808acb57396da9ee19ad49c9c7303285930:packages/nhsNotifyLambda/.jest/setEnvVars.js:generic-api-key:7 +2500c61930eda7dd415281cbf16f65db40afa29d:SAMtemplates/functions/main.yaml:generic-api-key:392 +0f940ea336b24c2d41a6612789f9263ff976a4b0:packages/nhsNotifyLambda/src/utils.ts:generic-api-key:17 +09519c4f2eac4d0275e645ff698ff095e0c8f607:packages/checkPrescriptionStatusUpdates/tests/testHander.test.ts:generic-api-key:67 +65004a5340565126d2309b28e4a2ffc49ff89216:packages/checkPrescriptionStatusUpdates/tests/testHander.test.ts:generic-api-key:67 +036ce12776ece652688e374c169d25cfb0c32be6:packages/checkPrescriptionStatusUpdates/tests/testHander.test.ts:generic-api-key:80 +036ce12776ece652688e374c169d25cfb0c32be6:packages/checkPrescriptionStatusUpdates/tests/testDynamoDBclient.test.ts:generic-api-key:136 +036ce12776ece652688e374c169d25cfb0c32be6:packages/checkPrescriptionStatusUpdates/tests/testDynamoDBclient.test.ts:generic-api-key:185 +8501c6774eaa45acf47777dc16233cda3cdff73f:packages/checkPrescriptionStatusUpdates/tests/testHander.test.ts:generic-api-key:119 +8501c6774eaa45acf47777dc16233cda3cdff73f:packages/checkPrescriptionStatusUpdates/tests/testDynamoDBclient.test.ts:generic-api-key:136 +8501c6774eaa45acf47777dc16233cda3cdff73f:packages/checkPrescriptionStatusUpdates/tests/testDynamoDBclient.test.ts:generic-api-key:185 +13c3d6d3754723fa2fa2fa47deac58d84844a285:packages/checkPrescriptionStatusUpdates/tests/testDynamoDBclient.test.ts:generic-api-key:131 +13c3d6d3754723fa2fa2fa47deac58d84844a285:packages/checkPrescriptionStatusUpdates/tests/testDynamoDBclient.test.ts:generic-api-key:176 +796fda23a4f8ab9c2100d414e90ba7a9390ff287:packages/specification/eps-prescription-status-update-api.yaml:generic-api-key:6 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 847e8dc9ce..5a7475ac4b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -179,15 +179,13 @@ repos: types_or: [sh, shell] pass_filenames: false - - repo: local - hooks: - - id: git-secrets - name: Git Secrets - description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories. + - id: gitleaks + name: Git Leaks + description: gitleaks scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories. entry: bash args: - -c - - 'git-secrets --pre_commit_hook' + - "gitleaks git --pre-commit --redact --staged --verbose" language: system fail_fast: true default_stages: [pre-commit]