diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..ed75266 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# Require repository-owner review for all changes on protected branches. +* @DivyamTalwar diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml new file mode 100644 index 0000000..b685072 --- /dev/null +++ b/.github/secret_scanning.yml @@ -0,0 +1,12 @@ +# Exclude intentional fake-secret fixtures used by the secret-detector test suite. +# Keep this list as narrow as possible so real leaks elsewhere still surface. +paths-ignore: + - ".gitleaks.toml" + - "tests/detectors/security/test_rules.py" + - "tests/detectors/security/test_security.py" + - "tests/detectors/test_security_internals.py" + - "tests/detectors/test_security_patterns.py" + - "tests/e2e/test_cli_flags.py" + - "tests/e2e/test_config_mutations.py" + - "tests/e2e/test_core_commands.py" + - "tests/e2e/test_scan_workflow.py"