Merged
26 changes: 26 additions & 0 deletions .nox.yaml
@@ -0,0 +1,26 @@
scan:
exclude:
# Baseline file: contains high-entropy fingerprint hashes (SHA-256 hex)
# that match the SEC-680 "Prometheus API key" regex; these ARE the
# finding fingerprints, not actual secrets.
- ".nox/baseline.json"
# go.sum: module digests look like API keys to entropy-based detectors.
- "go.sum"
- "**/go.sum"
# CI workflows: pinned commit SHAs + GITHUB_TOKEN references look like
# secret patterns to entropy-based rules.
- ".github/workflows/*.yml"
# Documentation contains example code snippets and curl commands with
# placeholder tokens / API keys.
- "README.md"
- "CHANGELOG.md"
- "docs/*.md"
- "**/README.md"
# Generated coverage badge.
- "assets/coverage-badge.svg"
# Grafana dashboard JSON contains Prometheus query expressions that
# match SEC-680 against `prometheus_*_total` metric names.
- "assets/grafana/*.json"
# Generated artifacts.
- "nox-out/"
- "release-artifacts/"
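Review bot: The `.github/workflows/*.yml` entry, and the README/CHANGELOG/docs entries after it, switch off every rule for those files rather than only the entropy-based rules the comments blame, so a real token pasted into a workflow or a doc snippet would go unreported. Workflows are a place where credentials do get hardcoded by mistake; consider keeping them in scope and recording the known false positives (pinned commit SHAs, `GITHUB_TOKEN` references) as fingerprints in `.nox/baseline.json`, which the first entry's comment says already holds finding fingerprints. The same applies to `assets/grafana/*.json`: its comment names a single rule, SEC-680, yet the whole path is excluded from all rules.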