veza/.github/workflows
senke 0c38966aed ci(security): allowlist test fixtures and historic backup dirs in gitleaks
The gitleaks job reported 389 leaks, but every match fell into one of:
  - eyJ...invalid_signature fake JWTs in *_test.go (used to exercise
    auth failure paths — never a real credential)
  - veza-backend-api/internal/services/.backup-pre-uuid-migration/
    which existed in commits 2425c15b0 / 2425c15b0 but is gone from HEAD;
    gitleaks scans full git history so removing the dir would not help
  - test-jwt-secret / test-internal-api-key constants in setupTestRouter

Add a .gitleaks.toml that extends the v8 default ruleset and allowlists
those paths and stopwords. Update the workflow to pass --config so the
file is honored.
2026-04-14 11:45:43 +02:00
accessibility.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
backend-ci.yml ci: fix duplicate env block in staging-validation workflow 2026-04-09 14:51:10 +02:00
cd.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
chromatic.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
ci.yml ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
commitlint.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
container-scan.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
contract-testing.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
flaky-report.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
frontend-ci.yml ci: fix duplicate env block in staging-validation workflow 2026-04-09 14:51:10 +02:00
go-fuzz.yml ci: fix duplicate env block in staging-validation workflow 2026-04-09 14:51:10 +02:00
load-test-nightly.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
mutation-testing.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
openapi-lint.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
performance.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
rust-ci.yml ci: fix Forgejo runner compat (rust, rsync, docker compose) 2026-04-09 17:39:10 +02:00
rust-mutation.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
sast.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
security-scan.yml ci(security): allowlist test fixtures and historic backup dirs in gitleaks 2026-04-14 11:45:43 +02:00
semgrep.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
staging-validation.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
storybook-audit.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
stream-ci.yml ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
trivy-fs.yml ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
visual-regression.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00
zap-dast.yml.disabled ci: simplify workflows for Forgejo self-hosted runner 2026-04-09 20:08:37 +02:00