orchard/.gitleaksignore at 5087aefdf87bba5189084ff786030f1835b72db1 - orchard - Gitea: Git with a cup of tea

bitforge/orchard

Files

Mondo Diaz 1a7fb3e5ba Fix security scan issues and harden docker-compose

Hadolint fixes:
- Use printf instead of echo for escape sequences
- Add hadolint ignore for apt pin version (DL3008)

KICS fixes (docker-compose):
- Add security_opt: no-new-privileges to all services
- Add mem_limit and cpus to prevent resource exhaustion
- Add healthcheck to orchard-server in docker-compose.yml

Gitleaks:
- Add .gitleaksignore for false positive (s3_key attribute name)
- Remove allow_failure from secrets job (now blocking)

Also:
- Remove || echo fallback from python_tests (tests should fail pipeline)

2026-01-14 18:15:25 +00:00

7 lines

330 B

Plaintext

Raw Blame History

 # Gitleaks ignore file
 # https://github.com/gitleaks/gitleaks#gitleaksignore
 # False positive: s3_key is an attribute name, not a secret
 fda65d381acc5ab59bc592ee3013f75906c197:backend/tests/unit/test_storage.py:generic-api-key:381
 dce6cbb836b687002751fed4159bfc2da61f8b:backend/tests/unit/test_storage.py:generic-api-key:381