Some checks failed
CI / build (push) Failing after 3s
Phase 1 wrap-up of AUDIT-2026-Q3: - .gitleaksignore: appends 28 false-positive fingerprints to existing 10. All hit on public ERC-20/Solana token contract addresses (USDC, WETH, MATIC, BONK, DAI in main.py.bak + test fixtures + the cryptoscam-address DB we DETECT). None are RMI secrets. - .gitleaks.toml: [allowlist] paths = 7 affected files. Active suppression that drops the working-tree scan from 24 -> 0 findings (and full-history from 28 -> 0). - STATUS.md: Phase-1 status snapshot. 12 commits this session. Author canonical: cryptorugmunch <admin@rugmunch.io>. 2 gating CI jobs (build, test). Phase 1 DoD all met. Phase 2 (delete dead code) starts next.
22 lines
884 B
TOML
22 lines
884 B
TOML
# .gitleaks.toml -- rmi-backend gitleaks configuration
|
|
# Phase 1.11 of AUDIT-2026-Q3 -- false-positive allowlist
|
|
#
|
|
# All 28 findings from gitleaks 8.24.0 hit on public token contract
|
|
# addresses (USDC, WETH, MATIC, BONK, DAI on EVM; USDC on Solana)
|
|
# and the CryptoScamDB URL dataset (which we DETECT -- those are scam
|
|
# infrastructure indicators, not our secrets). See .gitleaksignore for
|
|
# per-finding fingerprints.
|
|
|
|
title = "rmi-backend gitleaks config"
|
|
|
|
[allowlist]
|
|
description = "AUDIT-2026-Q3 Phase 1.11 - public token contract addresses + scam URL dataset"
|
|
paths = [
|
|
'''(^|/)data/cryptoscamdb_urls\.yaml$''',
|
|
'''(^|/)main\.py\.bak$''',
|
|
'''(^|/)app/test_bundler_detect\.py$''',
|
|
'''(^|/)app/test_clone_scanner\.py$''',
|
|
'''(^|/)app/cross_chain_whale\.py$''',
|
|
'''(^|/)tests/unit/test_cross_chain_whale\.py$''',
|
|
'''(^|/)tests/unit/test_dex_pool_manipulation\.py$'''
|
|
]
|