-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy path.gitallowed
More file actions
37 lines (30 loc) · 1.04 KB
/
.gitallowed
File metadata and controls
37 lines (30 loc) · 1.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Allow GitHub workflow secrets and tokens
token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
id-token: write
--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
--token=\$GITHUB-TOKEN
# Allow CIDR blocks in CloudFormation templates and related files
CidrBlock: "10\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}"
DestinationCidrBlock: "0\.0\.0\.0/0"
CidrIp: 127\.0\.0\.1/32
CidrIp: 0\.0\.0\.0/0
# Java corretto is not a secret
.*java corretto.*
# Allow standard code in JSON files for FHIR compliance testing
"code": "1\.2\.840\.10065\.1\.12\.1\.1"
# Allow IP in X-Forwarded-For header in test files
.*\"X-Forwarded-For\": \"86\.5\.218\.71\".*
# Allow version for AspectJ in pom.xml
<aspectj\.version>1\.9\.22\.1</aspectj\.version>
^.*pom\.xml:.*<version>([^<]+)</version>.*$
^.*Gemfile\.lock:.*$
^.*\.java:.*\\"id\\":\\"([0-9a-f\-]+)\\".*$
# General ones
.*\.gitallowed.*
.*nhsd-rules-deny.txt.*
.*\.venv.*
.*node_modules.*
pom\.xml
poetry\.lock