WIP: Update rules from Gitleaks 3.3.0
What does this MR do?
Updates rules for Gitleaks 3.3.0 with the rules from Gitleaks 3.3.0.
Complements !23 (merged)
Adds
- AWS Secret Key
- Amazon Marketplace Web Service key (upstream mentioning as `AWS MWS key`, which might be incorrect)
- Facebook Client ID (besides Facebook Secret Key)
- Twitter Client ID (besides Twitter Secret Key)
- LinkedIn Client ID and Secret Key
- Asymmetric Private Key (EC, PGP, DSA, RSA, OpenSSH private keys)
- Google API key
- Heroku API key
- MailChimp API key
- Mailgun API key
- PayPal Braintree access token
- Picatic API key
- SendGrid API key
- Slack Webhook URL (besides Slack bot, workspace, user, secret, and legacy token)
- Square access token
- Square OAuth secret
- Twilio API key
- Environment variables
- Ports
- WordPress configurations
Updates
- AWS Manager ID (sometimes known as `Access key ID`)
- Generic credentials (formerly known as `Generic API Key`)
- Stripe API key
Removes
- Entropy-based credential detection
What are the relevant issue numbers?
Closes gitlab-org/gitlab#205172 (closed)
Relates to gitlab-org/gitlab#205171 (closed), gitlab-org/gitlab#12948 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Takuya Noguchi