rmi-backend/.gitleaks.toml
cryptorugmunch 6ccb96ae36
Some checks failed
CI / build (push) Failing after 3s
build(rmi-backend,audit): add .gitleaksignore + .gitleaks.toml (P1.11) + STATUS.md (P1.12)
Phase 1 wrap-up of AUDIT-2026-Q3:

- .gitleaksignore: appends 28 false-positive fingerprints to existing
  10. All hit on public ERC-20/Solana token contract addresses (USDC,
  WETH, MATIC, BONK, DAI in main.py.bak + test fixtures + the
  cryptoscam-address DB we DETECT). None are RMI secrets.
- .gitleaks.toml: [allowlist] paths = 7 affected files. Active
  suppression that drops the working-tree scan from 24 -> 0 findings
  (and full-history from 28 -> 0).
- STATUS.md: Phase-1 status snapshot. 12 commits this session. Author
  canonical: cryptorugmunch <admin@rugmunch.io>. 2 gating CI jobs
  (build, test). Phase 1 DoD all met. Phase 2 (delete dead code)
  starts next.
2026-07-06 18:44:00 +02:00

22 lines
884 B
TOML

# .gitleaks.toml -- rmi-backend gitleaks configuration
# Phase 1.11 of AUDIT-2026-Q3 -- false-positive allowlist
#
# All 28 findings from gitleaks 8.24.0 hit on public token contract
# addresses (USDC, WETH, MATIC, BONK, DAI on EVM; USDC on Solana)
# and the CryptoScamDB URL dataset (which we DETECT -- those are scam
# infrastructure indicators, not our secrets). See .gitleaksignore for
# per-finding fingerprints.
title = "rmi-backend gitleaks config"
[allowlist]
description = "AUDIT-2026-Q3 Phase 1.11 - public token contract addresses + scam URL dataset"
paths = [
'''(^|/)data/cryptoscamdb_urls\.yaml$''',
'''(^|/)main\.py\.bak$''',
'''(^|/)app/test_bundler_detect\.py$''',
'''(^|/)app/test_clone_scanner\.py$''',
'''(^|/)app/cross_chain_whale\.py$''',
'''(^|/)tests/unit/test_cross_chain_whale\.py$''',
'''(^|/)tests/unit/test_dex_pool_manipulation\.py$'''
]