nox.reference.yaml
26 lines (26 loc) · 992 Bytes
scan:
  exclude:
    # Baseline file: contains high-entropy fingerprint hashes (SHA-256 hex)
    # that match the SEC-680 "Prometheus API key" regex; these ARE the
    # finding fingerprints, not actual secrets.
    - ".nox/baseline.json"
    # go.sum: module digests look like API keys to entropy-based detectors.
    - "go.sum"
    - "**/go.sum"
    # CI workflows: pinned commit SHAs + GITHUB_TOKEN references look like
    # secret patterns to entropy-based rules.
    - ".github/workflows/*.yml"
    # Documentation contains example code snippets and curl commands with
    # placeholder tokens / API keys.
    - "README.md"
    - "CHANGELOG.md"
    - "docs/*.md"
    - "**/README.md"
    # Generated coverage badge.
    - "assets/coverage-badge.svg"
    # Grafana dashboard JSON contains Prometheus query expressions that
    # match SEC-680 against `prometheus_*_total` metric names.
    - "assets/grafana/*.json"
    # Generated artifacts.
    - "nox-out/"
    - "release-artifacts/"