version: v0.1
Pattern Format
[^:@\r\n \t"'/\p{Cc}]+@(internal\.)?example\.comStart Pattern
\A|[\s"'`,;=]End Pattern
\z|[^a-zA-Z._0-9-]version: v0.1
Pattern Format
[A-Za-z][A-Za-z0-9+_-]*://([^/?#\s\p{Cc}]*[.@])?(example\.com|internal\.example\.com)[/?#]?[^\s"']*Start Pattern
\A|[^A-Za-z0-9+_-]End Pattern
\z|[\s'"]version: v0.1
Pattern Format
[^$/?#@\s][^/?#@\s\x00-\x08]*Start Pattern
(\b|\A)[A-Za-z][A-Za-z0-9+_-]*://[^/?#:@\s\x00-\x08]*:End Pattern
@[\p{L}\p{N}\.-]*(?:\:[0-9]{1,5})?([/?#\s"'`]|\z)Additional Matches
Add these additional matches to the Secret Scanning Custom Pattern.
-
Not Match:
(?i)^[[{(<]?(?:password|passwd|secret)[\]})>]?$
-
Not Match:
^\$?\{[^}+]\}i\}$
-
Not Match:
^%(?:\.\*)?s$
version: v0.1
Comments / Notes:
-
False Positives with build versions, but won't match if prefixed with v or ends with -
-
Use a custom IPv4 pattern if possible, tailored for the ranges you use
-
Doesn't include test, localhost or non-routable IPs
-
Does include local ranges such as 192.168.0.0/24
Pattern Format
(?:(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9]|)[0-9])\.){3}(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9]|)[0-9])Start Pattern
\A|[^v.0-9]End Pattern
\z|[^.0-9-]Additional Matches
Add these additional matches to the Secret Scanning Custom Pattern.
-
Not Match:
^(?:0\.0\.0\.0|255\.255\.255\.255)$
-
Not Match:
^(?:127|169\.254|224\.0\.0)\..*
-
Not Match:
^(?:192\.0.2|198\.51\.100|203\.0\.113|233\.252\.0)\..*
version: v0.1
Pattern Format
(?:ghrc|gchr|hgcr|ghr|ghc)\.ioStart Pattern
\A|[^0-9A-Za-z-]End Pattern
\z|[^0-9A-Za-z.-]