# Semgrep rule: flags text that looks like a PEM-style private key block.
# NOTE(review): the page this rule was recovered from had lost its indentation;
# the nesting below is reconstructed from the key order — confirm it against
# the original file, in particular where `metavariable-analysis` sits.
rules:
  - id: detected-private-key
    patterns:
      # Either header shape may match; both bind the following token to $KEY.
      - pattern-either:
          # Shape 1: header with a type word between BEGIN and PRIVATE KEY.
          - patterns:
              - pattern:
                  -----BEGIN $TYPE PRIVATE KEY-----
                  $KEY
              # NOTE(review): the group is optional (trailing `?`) and there is
              # no end anchor, so this filter may accept any $TYPE value rather
              # than only the listed key types — verify with Semgrep's regex
              # anchoring rules before relying on it to narrow matches.
              - metavariable-regex:
                  metavariable: $TYPE
                  regex: (?i)([dr]sa|ec|openssh|encrypted)?
          # Shape 2: header with no type word.
          - patterns:
              - pattern: |
                  -----BEGIN PRIVATE KEY-----
                  $KEY
      # Entropy analysis on $KEY; presumably this drops low-randomness
      # placeholders such as documentation samples, so a real key that is
      # truncated right after the header may go unreported — TODO confirm.
      - metavariable-analysis:
          metavariable: $KEY
          analyzer: entropy
    # `generic` mode: the rule is applied as text matching, not per language.
    languages:
      - generic
    message: Private Key detected. This is a sensitive credential and should not be hardcoded here. Instead, store this in a separate, private file.
    severity: ERROR
    metadata:
      source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
      category: security
      technology: [secrets]
      # MEDIUM: findings need triage; a hit on a committed key also means the
      # key should be treated as exposed and rotated, not only removed.
      confidence: MEDIUM