Skip to content

Commit b5e2f96

Browse files
committed
chore(qm): G-4 を DEV 正本に移行、Public は gitleaks のみ(QM 2.2 §3.4)
- dependabot.yml / dependency-scan.yml を削除 - .gitleaks.toml を追加(G-5) - gitleaks.yml / track-downloads.yml は維持
1 parent 1623aa4 commit b5e2f96

3 files changed

Lines changed: 20 additions & 159 deletions

File tree

.github/dependabot.yml

Lines changed: 0 additions & 25 deletions
This file was deleted.

.github/workflows/dependency-scan.yml

Lines changed: 0 additions & 134 deletions
This file was deleted.

.gitleaks.toml

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# gitleaks 設定 — pdf-handler(QM 2.2 §3.2 / G-5 と整合)
2+
#
3+
# 方針:
4+
# - service_role・sk_live 等は許可しない。
5+
# - 以下は (1) ドキュメント上のプレースホルダ・サンプル、(2) 開発用 anon のスクリプト直書き(履歴に残存)
6+
# に対する一時的な path allowlist。許可範囲を広げすぎないこと。
7+
# CAPA: run-dev / build-release を Secrets.local.ps1 のみに寄せ、allowlist を縮小する。
8+
9+
title = "pdf-handler"
10+
11+
[allowlist]
12+
paths = [
13+
'''scripts/run-dev.ps1''',
14+
'''scripts/build-release.ps1''',
15+
'''docs/testing/license-file-helper.md''',
16+
'''docs/operations/07_admin-functions-setup.md''',
17+
'''docs/supabase-setup/05_environment-variables.md''',
18+
# DEV anon(公開可能)キーを説明目的で記載しているドキュメント
19+
'''docs/supabase-setup/06_security-setup-guide.md''',
20+
]

0 commit comments

Comments
 (0)