Creation and invocation of custom rules

[phillipdade]

Does 2MS support Gitleaks' ability to invoke custom regex rules (in golang format) to allow secret detection based upon specific requirements?

Gitleaks supports custom rules and I've tried creating a gitleaks.toml configuration file (based upon https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml) and invoking via the --config argument in 2ms. The custom configuration included a rule that I know was triggering on a test, invalid secret and the rule was simply renamed. However, the renamed rule wasn't invoked, only the original rule.

Looking at the docs, the --config argument mentions that this configuration file should be either a YAML or JSON.

[cx-rui-gomes]

Hi @phillipdade,

The --config used in 2ms is not the same as gitleaks. The --config is used to have a better way to specify multiple parameters and flags instead of running all of them via command.

You can however, specify your own custom regexes in a YAML or JSON file and pass that config file: