workflows-secret-scanning
Jonathan Miller edited this page 2026-05-20 01:26:28 +00:00


Secret Scanning (Gitleaks)

Status: Active | Version: 01.00.00 | Last Updated: 2026-05-07

Overview

Scans repositories for leaked secrets (API keys, tokens, passwords, private keys) using Gitleaks. Deployed to all governed repositories.

Triggers

| Trigger | Scope |
|---|---|
| Pull request targeting main or dev/** | PR commits only (incremental) |
| Weekly, Monday 05:00 UTC | Full repository history |
| Manual dispatch | Full repository history |

What It Detects

  • API keys and tokens (AWS, GCP, Azure, GitHub, Gitea, etc.)
  • Private keys (RSA, SSH, PGP)
  • Database connection strings
  • OAuth client secrets
  • JWT tokens
  • Generic high-entropy strings

Notifications

Any finding sends an urgent ntfy alert to the gitea-security topic with instructions to rotate the exposed credential immediately. Rotation is the actual fix: deleting the secret from the branch does not revoke it, and the value remains in git history until the history is rewritten.

Configuration

The workflow runs Gitleaks with its built-in rule set. To add custom rules or allowlists, create a .gitleaks.toml in the repository root; Gitleaks picks that file up automatically. Note that a repository config replaces the built-in rules unless it declares an [extend] section with useDefault = true, so an allowlist-only file without that section would leave the repository with no detection rules at all.

Allowlisting False Positives

# .gitleaks.toml
# A repo config replaces Gitleaks' built-in rules unless it extends them;
# without [extend] an allowlist-only file disables every default rule.
[extend]
useDefault = true

[allowlist]
  description = "Vendored and generated code; commits reviewed as false positives"
  # paths are regular expressions matched against the repo-relative file path,
  # so 'vendor/' also covers nested vendor directories
  paths = [
    '''vendor/''',
    '''node_modules/'''
  ]
  # full SHAs of commits whose findings were confirmed as false positives
  commits = [
    "abc123..."
  ]
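As an added example (not code from the moko-platform workflow or from Gitleaks), the shell step a Gitea Actions job could run to implement the triggers, the notification and the configuration rule described above: PR events scan only the PR's commit range, every other event scans full history, findings post an urgent message to the gitea-security topic, and a repo .gitleaks.toml is rejected if it does not extend the built-in rules. It assumes gitleaks, curl and jq on the runner's PATH, that the job exports GITHUB_EVENT_NAME and GITHUB_REPOSITORY (act_runner sets these) and, for pull request runs, PR_BASE_SHA and PR_HEAD_SHA taken from the event payload, plus an NTFY_URL variable naming the team's ntfy server. Those variable names, the scan.sh filename and the report filename are this example's assumptions, not the workflow's.

```shell
#!/bin/sh
# Added example (not the moko-platform workflow's own code): the shell step a
# Gitea Actions job could run to implement this page's scan policy.
# Assumptions: gitleaks, curl and jq are on PATH; the job exports
# GITHUB_EVENT_NAME and GITHUB_REPOSITORY (act_runner does) and, for PR runs,
# PR_BASE_SHA / PR_HEAD_SHA from the pull_request event payload; NTFY_URL
# names the team's ntfy server (hypothetical variable name).
set -eu

# Commit range to scan. Pull requests scan only the PR's commits; the weekly
# schedule and manual dispatch arrive with another event name and get an empty
# range, which makes gitleaks walk the full history.
scan_range() {
  event="${1:-}"; base="${2:-}"; head="${3:-}"
  if [ "$event" = "pull_request" ] && [ -n "$base" ] && [ -n "$head" ]; then
    printf '%s..%s' "$base" "$head"
  fi
}

# gitleaks arguments for a range. --redact keeps secret values out of the job
# log; exit code 2 separates "leaks found" from a tool failure (exit 1).
gitleaks_args() {
  range="${1:-}"
  args="detect --source . --redact --no-banner --exit-code 2"
  args="$args --report-format json --report-path gitleaks-report.json"
  if [ -n "$range" ]; then
    args="$args --log-opts=$range"
  fi
  printf '%s' "$args"
}

# A repo-level .gitleaks.toml replaces the built-in rules unless it contains
# [extend] useDefault = true. This policy check is the example's, not a
# Gitleaks feature: it refuses configs that would silently turn the default
# rules off. A missing file is fine, the defaults then apply unchanged.
config_extends_defaults() {
  cfg="${1:-.gitleaks.toml}"
  if [ ! -f "$cfg" ]; then
    return 0
  fi
  grep -Eq '^[[:space:]]*useDefault[[:space:]]*=[[:space:]]*true' "$cfg"
}

# Urgent ntfy message to the gitea-security topic, as the page describes.
notify_findings() {
  repo="$1"; count="$2"
  curl -fsS \
    -H "Title: Secret scanning: $count finding(s) in $repo" \
    -H "Priority: urgent" \
    -H "Tags: rotating_light" \
    -d "Gitleaks found $count leaked secret(s) in $repo. Rotate the affected credentials now; deleting them from the branch does not revoke them." \
    "$NTFY_URL/gitea-security" >/dev/null
}

main() {
  if ! config_extends_defaults .gitleaks.toml; then
    echo "::error::.gitleaks.toml must set [extend] useDefault = true" >&2
    return 1
  fi
  range="$(scan_range "${GITHUB_EVENT_NAME:-}" "${PR_BASE_SHA:-}" "${PR_HEAD_SHA:-}")"
  rc=0
  # Word splitting is intended: no value in the argument string contains spaces.
  gitleaks $(gitleaks_args "$range") || rc=$?
  if [ "$rc" -eq 2 ]; then
    notify_findings "${GITHUB_REPOSITORY:-unknown}" "$(jq length gitleaks-report.json)"
    return 1   # fail the job so a PR with findings cannot merge
  fi
  return "$rc"
}

# Run the scan only when invoked as `sh scan.sh run`; sourcing the file just
# defines the functions.
case "${1:-}" in run) main ;; esac
```

The full-history scans only work if the job checks out the complete history (fetch-depth 0 in the checkout step); on a shallow clone gitleaks can only see the commits that were fetched. The non-zero return after a finding is deliberate: the ntfy alert is the notification, the failed job is what blocks the merge.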

Changelog

| Version | Date | Changes |
|---|---|---|
| 01.00.00 | 2026-05-07 | Initial release |

Repo: moko-platform · moko-platform wiki

| Field | Value |
|---|---|
| Minimum Version | 04.07.00 |
| Platform | all |
| Applies To | All repositories |

| Revision | Date | Author | Description |
|---|---|---|---|
| 1.0 | 2026-05-08 | Moko Consulting | Initial version |