secretscreen vendors gitleaks.toml (221 rules) and applies _prepare_regex() to translate Go regexp2 idioms to Python re:
- Strips mid-pattern (?i) and applies re.IGNORECASE globally
- Replaces \z with \Z
- One rule had POSIX [[:alnum:]] replaced with [a-zA-Z0-9] directly in the TOML
25 of 221 rules needed regex translation. When gitleaks updates their rules, we need a process to re-vendor and verify compilation.
Needed:
- Script or test that re-downloads gitleaks.toml from upstream and diffs against vendored copy
- Track which rules are patched in the TOML itself vs handled by _prepare_regex()
secretscreen vendors gitleaks.toml (221 rules) and applies _prepare_regex() to translate Go regexp2 idioms to Python re:
25 of 221 rules needed regex translation. When gitleaks updates their rules, we need a process to re-vendor and verify compilation.
Needed: