Changelog for
gitleaks-8.18.4-1.1.x86_64.rpm :
* Fri Jun 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 8.18.4:
* Limit hashicorp-tf-password to .tf/.hcl files (#1420)
* rm print
* reduce telegram... todo url and xml for later
* coderabbit.ai <3
* Add NewRelic insert key detection (#1417)
* Improved Telegram bot token rule regex and added more test cases (#1404)
* Add intra42 client secret (#1408)
* Sat Jun 01 2024 opensuse_buildserviceAATTojkastl.de- Update to version 8.18.3:
* extend FB access token discovery (#1407)
* tests: scalingo validation consistent test (#1359)
* add real (test) standard and restricted keys (#1375)
* Add Cloudflare API and Origin CA keys (#1374)
* Update \"contributing guidelines\" link (#1390)
* add update token from square (#1370)
* feat: facebook secret, access token, and page access token rules (#1372)
* update mailchimp with new tokens (#1376)
* Append ordered rules when extending (#1304)
* fix: age rule id with dashes (#1349)
* patching golang.org/x/text for CVE-2021-38561 and CVE-2022-32149 (#1342)
* Use latest base images. (#1334)
* Sun May 05 2024 Andreas Stieger
- Update to version 8.18.2:
* Remove IAM identifiers for non-credential resources in the aws-access-token rule
* Update stripe rule to not alert on publishable keys
* --max-target-megabytes flag now supported for --no-git flag as well
* add pre-commit hook gitleaks-system
* fix errors when using protect and an external git diff tool
* rename filesystem to directory
* Enhance Secret Descriptions
* Small refactor `detect` and `sources`
* chore(config): refactor to go generate; simplify configRules init
* pretty apparent \'protect\' and \'detect\' should be merged into one command
* style: sort the stopwords
* Sat Nov 25 2023 Dirk Müller - update to 8.18.1:
* dont crash on 100gb files pls (#1292)
* remove secretgroup from default config (#1288)
* feat: Hashicorp Terraform fields for password (#1237)
* perf: avoid allocations with `(
*regexp.Regexp).MatchString` (#1283)
* refactor: more explicit rules (#1280)
* bugfix: reduce false positives for stripe tokens by using word boundaries in regex (#1278)
* add Infracost API rule (#1273)
* refactor: simplify test asserts (#1271)
* Update Makefile
* refactor: change detect tests to t.Fatal instead of log.Fatal (#1270)
* feat(rules): Add detection for Scalingo API Token (#1262)
* feat(jwt): detect base64-encoded tokens (#1256)
* feat: add --ignore-gitleaks-allow cmd flag (#1260)
* switch out libs (#1259)
* fix: no-color option should also affect zerolog (#1242)
* Fixed lineEnd indexing if the match is the whole line (#1223)
* feat: Add optional redaction value, default 100 (#1229)
* fix(jwt): longer segment lengths (#1214)
* Added yarn.lock file to default allowlist paths (#1258)
* Update README.md
* feat(rules): make case insensitivity optional (#1215)
* feat(rules): detect Hugging Face access tokens
* Resolve #1170 - Enable selection of a single rule (#1183)
* Update authress.go to include alternate form account dash (-) (#1224)
* refactor: remove unnecessary removing temp files in tests (#1255)
* refactor: use os.ReadFile instead of os.Open + io.ReadAll (#1254)
* fix(sumologic): improve patterns (#1218)
* Fix inconsistent generated values in config
* feat: add JFrog API and Identity keys
* Add entropy check to plaid client/secret ID rules
* Update config template logic
* Include entropy in Plaid rule file
* refactor: fix #722 properly
* Add `REDACTED` to stopwords for `generic-api-key` rule
* Add detection for Snyk tokens
* Add makefile variable detections
* chore: update deps to fix solaris #1158
* Add junit report format
* Ignore all comits when `.gitleaksignore` fingerprint lacks SHA
* Improved global exclusion list
* Add detection for OpenAI API keys
* Add warning for quoted `--log-opts` values
* Fixed docker run command in README.md
* add tags support for csv and sarif formats
* Update Slack token regexes
* Sat Nov 25 2023 dmuellerAATTsuse.com- Update to version 8.18.1:
* dont crash on 100gb files pls (#1292)
* remove secretgroup from default config (#1288)
* feat: Hashicorp Terraform fields for password (#1237)
* perf: avoid allocations with `(
*regexp.Regexp).MatchString` (#1283)
* refactor: more explicit rules (#1280)
* bugfix: reduce false positives for stripe tokens by using word boundaries in regex (#1278)
* add Infracost API rule (#1273)
* refactor: simplify test asserts (#1271)
* Update Makefile
* refactor: change detect tests to t.Fatal instead of log.Fatal (#1270)
* feat(rules): Add detection for Scalingo API Token (#1262)
* feat(jwt): detect base64-encoded tokens (#1256)
* feat: add --ignore-gitleaks-allow cmd flag (#1260)
* switch out libs (#1259)
* fix: no-color option should also affect zerolog output (#1242)
* Fixed lineEnd indexing if the match is the whole line (#1223)
* feat: Add optional redaction value, default 100 (#1229)
* fix(jwt): longer segment lengths (#1214)
* Added yarn.lock file to default allowlist paths (#1258)
* Update README.md
* feat(rules): make case insensitivity optional (#1215)
* feat(rules): detect Hugging Face access tokens (#1204)
* Resolve #1170 - Enable selection of a single rule (#1183)
* Update authress.go to include alternate form account dash (-) (#1224)
* refactor: remove unnecessary removing temp files in tests (#1255)
* refactor: use os.ReadFile instead of os.Open + io.ReadAll (#1254)
* fix(sumologic): improve patterns (#1218)
* refactor: fix #722 properly (#1250)
* fix(plaid): include entropy in go definition (#1252)
* feat(config): update template logic (#1201)
* Add entropy check to plaid client/secret ID rules (#1213)
* feat: add JFrog API and Identity keys (#1233)
* chore(config): fix inconsistent generated values (#1200)
* Revert \"Initial set of Azure secrets for #539 (#1079)\" (#1197)
* Initial set of Azure secrets for #539 (#1079)
* feat(slack): update token regex (#1161)
* add tags support for csv and sarif formats (#1176)
* Fixed docker run command in README.md (#1194)
* feat: add warning for quoted --log-opts values (#1160)
* Add detection for OpenAI API keys (#1148)
* Add some useless files (#1193)
* add tests for commits
* fix broken vet, format some stuff
* add some gl ignores
* Ignore all comits when `.gitleaksignore` fingerprint lacks SHA (#1156)
* Add junit report format (#920)
* chore: update deps to fix solaris link (#1159)
* Add makefile variable detections (#1191)
* Add detection for Snyk tokens (#1190)
* Add `REDACTED` to stopwords for `generic-api-key` rule (#1188)
* Added option to specify .gitleaksignore path (#1179)
* Fix closing file in writeJson and writeSarif (#1187)
* Simplify tests by using T.TempDir (#1186)
* Fix typos in
*.md, comments and logs (#1185)
* Update README.md
* Update bug_report.md
* Adding discord channel to readme
* 🐛 fix(sarif): update report to pass validator (#1167)
* fix(detect): extra secret from group before checking allowlist (#1152)
* Fix G307 warning: Deferring unsafe method \"Close\" on type \"
*os.File\" (#1154)
* fix(detect): avoid panic with verbose flag (#1143)
* Fix typo (#1142)
* No color (#1136)
* Update README.md
* safer out of bounds (#1135)
* Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#1131)
* Update pre-commit address and rev tag in README (#1125)
* Update gitleaks.yml
* Update README.md
* Update README.md
* Update .gitleaksignore
* Bufix/1100 protect stagged files (#1121)
* remove extra default on source option
* fix README.md !? (#1123)
* Improve rule descriptions for Stripe and Facebook access tokens (#1119)
* Add Defined Networking API Tokens (#1096)
* Update gitleaks.toml (#1116)
* Update gitleaks.yml (#1117)
* Add gradle.lockfile to allowlist (#1112)
* Update pre-commit rev tag in README (#1108)
* Add pnpm-lock.yaml and Database.refactorlo (#1109)
* Mon Mar 13 2023 Johannes Kastl - BuildRequire go1.19; fix wrong URL and Summary
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.16.0:
* Feat/allowlist regex target (#1107)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.15.4:
* ignore package-lock.json (#1076)
* Fix typos in README.md and CONTRIBUTING.md (#1090)
* fix: ignore baseline if path was not relative in source (#1101)
* Fix H in GitHub and update pre-commit rev tag in README (#1087)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.15.3:
* Add missing GitLab token patterns (#1077)
* Fix rule for private keys (#1072)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.15.2:
* remove color formatting when #1042 is encountered (#1050)
* Update README.md
* adding jwt tokens with padding format \"=\" (#1031)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.15.1:
* include default newline pairs when calculating location (#1038)
* Add rule for fine-grained GitHub PAT (#1026)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.15.0:
* Add scanning from a pipe with --pipe (#1012)
* add a few fingerprints for test data
* Add support for following symlinks (#1010)
* fix bug in readme (#1011)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.14.1:
* define log-opts, odd that this wasn\'t failing before... (#1009)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.14.0:
* add --max-target-megabytes : maximum size for a file/blob to be scanned (#1003)
* Update USERS.md
* Update .gitleaksignore
* Update README.md
* Add detection rules for DigitalOcean tokens (#1002)
* docs: add Trendyol to users (#998)
* docs: added goreleaser to user list (#997)
* Update USERS.md (#996)
* Create USERS.md
* Exclude dacpac refactorlogs (#990)
* Output number of commits at info-level. (#991)
* Detect Slack Workflow Webhook URLs (#989)
* Upgrade go version to 1.19 (#987)
* Minor cleanup to error handling and logging (#985)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.13.0:
* Update README.md
* Update .gitleaksignore
* Update README.md
* Adding quiet mode to silence banner (#852)
* Issue #980: Add support for Telegram Bot API Token (#981)
* add rule for microsoft teams webhooks (#970)
* Add baseline (#975)
* Add pre-commit autoupdate command to README.md (#978)
* refactor: more precise rule for private keys (#930)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.12.0:
* update gitleaksignore
* add fingerprint to output
* Pretty output (#973)
* Update version in readme file (#972)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.11.2:
* ignore empty files (#965)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.11.1:
* Add grafana tokens rules (#959)
* add prefect and readme rules (#961)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.11.0:
* draft: bump gitdiff, add git.Err state, better log messages (#954)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.10.3:
* Feat/add fingerprint no git (#952)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.10.2:
* safe file checking (#946)
* Update README.md
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.10.1:
* Explicit fingerprint (#944)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.10.0:
* add two test findings to gitleaksignore
* Feat/ignore finding (#938)
* add jwt rule (#943)
* bump golang test version (#942)
* gitleaks allow docs (#941)
* Add new rules for vault tokens (#919)
* Feature/add sidekiq rules (#933)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.9.0:
* update readme
* add url for config
* Feature: Adding the ability to extend configuration files (#926)
* Add fix for issue #915 (#916)
* Update README.md
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.12:
* Update README.md
* Update README.md
* adding access to generic rule keywords and identifiers
* Fix proper names capitalization (#907)
* Add multi platform build (#897)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.11:
* update twitter rule generation description and id
* capitilze twitter description
* adding travis ci
* Fix id and description for twitter tokens (#905)
* Adding okta, codecov, zendesk, and updating Atlassian\'s rule to include `jira` keyword (#904)
* Fix Plaid, add Plaid access token (#903)
* adding airtable and adafruit (#902)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.10:
* Fixes accidental type typos while translating rules from validation spreadsheet, adds bittrex rule
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.9:
* Remove ssn allowlist (#898)
* Adding a bunch of new rules, update allowlist to include node_modules… (#896)
* contributing guidelines first draft (#895)
* Lint python commit script to satisfy PEP8 (#893)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.8:
* Update generate (#892)
* maintain parity with recent changes... need to create rule contributing guidelines (#891)
* Fix duplicate TOML Rules and IDs (#889)
* Update README.md
* Update gitleaks.yml
* Update README.md
* user accounts don\'t need gitleaks license
* Update README.md
* Add gitleaks badge
* Create gitleaks.yml (#884)
* add link to gitleaks.io
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.7:
* fix git unsafe directory (#883)
* Limit newlines regex (#881)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.6:
* add combo to stopwords, update cmd/generate
* Fix generic-api-key detected erroneously (zricethezav#877) (#878)
* ignore end line when comparing generic rules (#879)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.5:
* updating generic regex and algoia regex (#875)
* feat: add algolia key support (#866)
* Improve PlanetScale token detection (#874)
* Update README.md
* Adding JIT Security messages
* Update README.md
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.4:
* fix no-git bug (#859)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.3:
* Removing private keyword from private key rule (#858)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.2:
* nasty little bug (#853)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.1:
* adding a ton of stopwords to the generic rule only as that is the loudest rule (#851)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.8.0:
* adding stopwords (#849)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.7.2:
* Update dockerfile (#848)
* fix EOL in secret suffix (#847)
* unpin docker version in pre-commit hook (#832)
* Generate tps (#845)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.7.1:
* maybe fix out of bounds (#843)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.7.0:
* optimize keywords (#841)
* Update detect.go (#839)
* Standardize/alphabetize rules, add cmd/generate/config package (#840)
* fix ghcr.io typo in README.md (#835)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.6.1:
* normalize keyword check (#830)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.6.0:
* Keyword (#825)
* doc gitleaks-docker pre-commit hook (#819)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.5.3:
* skip content checks for path only rules
* use official docker image as pre-commit hook (#818)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.5.2:
* remove stopwords from global allowlist
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.5.1:
* detect: skip binary files with --no-git (#810)
* fixing a location off by one edge case for --no-git (#812)
* Update README.md
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.5.0:
* Allow tag (#809)
* Stop words (#808)
* Refactor `detect`, add `entropy` to all findings (#804)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.4.0:
* commenting out git tests, will need to revisit eventually
* commenting out flaky test for now
* go mod tidying
* more comments
* adding git test again
* handle goimports/go vet warnings
* more tests
* more cleaningup
* maintaining parity between current master
* more bug
* cleanup
* more cleaning up
* getting some tests working
* regular git scan parity
* init
* Escape - character in regex character groups (#802)
* adding go mod/sum to ignore (#797)
* GitLab pats may contain underscores as well as dashes (#794)
* Mon Mar 13 2023 kastlAATTb1-systems.de- Update to version 8.3.0:
* ignore k8s apiVersion in generic-api-key pattern (#760)
* build: updates for go1.17 (#769)
* allow non-last-element secret groups (#792)
* fixing segfault when using a rule with only a path (#791)
* Fix: Typo in LinkedIn id (#789)
* Fix vendor name casing, Flutterwave typo (#785)
* Sarif results with empty rules now represents as [] instead of null/nil (#786)
* Fix typos in README.md (#780)
* Sun Feb 13 2022 Johannes Kastl - first version of package gitleaks at 8.2.7
