Rules Configuration

- name: SECRET_PAIR
  severity: medium
  confidence: moderate
  type: pattern
  values:
    - (?P<variable>[`'\"]?(?i:token|secret|key|키|암호|암호화|토큰)[`'\"]?)((\s)*[=:](\s)*)(?P<quote>[`'\"(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,80}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)`'\"])
  filter_type:
    - ValueAllowlistCheck
    - ValuePatternCheck
    - ValueEntropyBase64Check
    - ValueCoupleKeywordCheck
  min_line_len: 16
  required_substrings:
    - token
    - secret
    - key
    - ":"
    - "/"
    - "="
    - 키
    - 암호
    - 암호화
    - 토큰
  target:
    - doc

- name: PASSWD_PAIR
  severity: medium
  confidence: moderate
  type: pattern
  values:
    - (?P<variable>[`'\"]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|p/w|비밀번호|비번|패스워드|암호)[`'\"]?)((\s)*[=:](\s)*)(?P<quote>[`'\"(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)`'\"])
  filter_type:
    - ValueAllowlistCheck
    - ValuePatternCheck
    - ValueDictionaryKeywordCheck
    - LineGitBinaryCheck
    - ValueFilePathCheck
    - ValueHexNumberCheck
  min_line_len: 10
  required_substrings:
    - pass
    - sword
    - ":"
    - "/"
    - "="
    - 비밀번호
    - 비번
    - 패스워드
    - 암호
  target:
    - doc

- name: IP_ID_PASSWORD_TRIPLE
  severity: medium
  confidence: moderate
  type: pattern
  values:
    - (^|\s|(?P<variable>(?i:\bip[\s/]+id[\s/]+pw[\s/:]*))|(?P<url>://))(?P<ip>[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2})((\s*\()?|(?(variable)[\s,/]+|(?(url)[,]|[,/])))\s*\w[\w.-]{3,80}[\s,/]+(?P<value>(?(url)(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_+=~!@#$%^&*;?-])){7,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)|(?-i:(?P<e>[A-Z])|(?P<f>[a-z])|(?P<g>[0-9/_+=~!@#$%^&*;?-])){7,31}(?(e)(?(f)(?(g)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)))(?:\s|[^/]|$)
  filter_type:
    - ValueAllowlistCheck
    - ValuePatternCheck
    - ValueDictionaryKeywordCheck
  min_line_len: 10
  required_substrings:
    - "."
  target:
    - doc

- name: ID_PAIR_PASSWD_PAIR
  severity: medium
  confidence: moderate
  type: pattern
  values:
    - (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swords?|passwd?|pwd|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*(?P<quote>[`'\"]+)?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)(?P=quote)|(\s|$))
    - (?P<ddash>--)?(?P<variable>(?i:user\s*)?(?i:id|login|account|root|admin|user|name|wifi|role|host|default|계정|아이디))\s*?(?(ddash)[ =]|[ :=])\s*?(?P<value>\S+)
  filter_type:
    - ValueAllowlistCheck
    - ValuePatternCheck
  min_line_len: 10
  required_substrings:
    - pass
    - sword
    - p/w
    - pw
    - 비밀번호
    - 비번
    - 패스워드
    - 암호
  target:
    - doc

- name: ID_PASSWD_PAIR
  severity: medium
  confidence: moderate
  type: pattern
  values:
    - (?P<variable>[\w.-]*(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]*(?(id)[ :(/]+|[:(/]+)(?i:pa[as]swo?r?ds?|pwd?|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]+|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,31})[ :\(/\"',]+(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))
  filter_type:
    - ValueAllowlistCheck
    - ValuePatternCheck
    - ValueDictionaryKeywordCheck
  min_line_len: 10
  required_substrings:
    - pw
    - pass
    - sword
    - 비밀번호
    - 비번
    - 패스워드
    - 암호
  target:
    - doc

- name: API
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - api(?!tal)
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 11
  required_substrings:
    - api
  target:
    - code

- name: IPv4
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9a-zA-Z])(?P<value>[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2})(?![.0-9a-zA-Z$])
  filter_type:
    - ValueIPCheck
  min_line_len: 10
  required_substrings:
    - "."
  target:
    - code

- name: IPv6
  severity: info
  confidence: strong
  type: pattern
  values:
    - (?<![:0-9a-zA-Z])(?P<value>[0-9A-Fa-f]{0,4}:(:?[0-9A-Fa-f]{1,4}:?){0,6}:[0-9A-Fa-f]{1,4})(?![:0-9a-zA-Z])
  filter_type:
    - ValueIPCheck
  min_line_len: 10
  required_substrings:
    - ":"
  target:
    - code

- name: AWS Client ID
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>(ABIA|ACCA|AGPA|AIDA|AIPA|AKIA|ANPA|ANVA|AROA|APKA|ASCA|ASIA)[0-9A-Z]{16,17})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - A
  min_line_len: 20
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: AWS Multi
  severity: high
  confidence: moderate
  type: multi
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>(ABIA|ACCA|AGPA|AIDA|AIPA|AKIA|ANPA|ANVA|AROA|APKA|ASCA|ASIA)[0-9A-Z]{16,17})(?![=0-9A-Za-z_+-])
    - (?<![0-9A-Za-z_/+-])(?P<value>[0-9A-Za-z/+]{40,80})(?![=0-9A-Za-z_/+-])
  filter_type: GeneralPattern
  required_substrings:
    - A
  min_line_len: 20
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: AWS MWS Key
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>amzn\.mws\.[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - amzn
  min_line_len: 30
  target:
    - code
    - doc

- name: Credential
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - credential
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 18
  required_substrings:
    - credential
  target:
    - code

- name: Dynatrace API Token
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - dt0
  min_line_len: 90
  target:
    - code
    - doc

- name: Facebook Access Token
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>EAAC[0-9A-Za-z]{27,80})
  filter_type: GeneralPattern
  required_substrings:
    - EAAC
  min_line_len: 31
  target:
    - code
    - doc

- name: Github Old Token
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?i)((git)[\w\-]*(token|key|api)[\w\-]*(\s)*(=|:|:=)(\s)*(["']?)(?P<value>[a-z|\d]{40})(["']?))
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - GithubTokenValidation
  required_substrings:
    - git
  min_line_len: 47
  target:
    - code
    - doc

- name: Google API Key
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>AIza[0-9A-Za-z_-]{35})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  validations:
    - GoogleApiKeyValidation
  required_substrings:
    - AIza
  min_line_len: 39
  target:
    - code
    - doc

- name: Google Multi
  severity: high
  confidence: moderate
  type: multi
  values:
    - (?P<value>[0-9]{3,80}-[0-9a-z_]{32}\.apps\.googleusercontent\.com)
    - \b(?P<value>GOCSPX-[0-9A-Za-z_-]{28}|((?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_-])){24,80}(?(a)(?(b)(?(c)\b|(?!x)x)|(?!x)x)|(?!x)x))
  filter_type: GeneralPattern
  validations:
    - GoogleMultiValidation
  required_substrings:
    - .apps.googleusercontent.com
  min_line_len: 40
  target:
    - code
    - doc

- name: Google OAuth Secret
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_-])(?P<value>GOCSPX-[0-9A-Za-z_-]{28})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - GOCSPX-
  min_line_len: 40
  target:
    - code
    - doc

- name: Google OAuth Access Token
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>ya29\.[0-9A-Za-z_-]{22,8000})
  filter_type: GeneralPattern
  required_substrings:
    - ya29.
  min_line_len: 27
  target:
    - code
    - doc

- name: Heroku API Key
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?i)(?P<value>heroku(.{0,20})?[0-9a-f]{8}(-[0-9a-f]{4})+-[0-9a-f]{12})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - heroku
  min_line_len: 24
  target:
    - code
    - doc

- name: Instagram Access Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>IGQVJ[\w]{100,8000})
  filter_type: GeneralPattern
  required_substrings:
    - IGQVJ
  min_line_len: 105
  target:
    - code
    - doc

- name: JSON Web Token
  severity: medium
  confidence: moderate
  type: pattern
  values:
    - (?<![.0-9A-Za-z_+-])(?P<value>eyJ[0-9A-Za-z_=-]{15,8000}([.0-9A-Za-z_=-]{1,8000})?)
  filter_type: GeneralPattern
  use_ml: true
  required_substrings:
    - eyJ
  min_line_len: 18
  target:
    - code

- name: MailChimp API Key
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>[0-9a-zA-Z]{32}-us[0-9]{1,2})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  validations:
    - MailChimpKeyValidation
  required_substrings:
    - -us
  min_line_len: 35
  target:
    - code
    - doc

- name: MailGun API Key
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>key-[0-9a-zA-Z]{32})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - key-
  min_line_len: 36
  target:
    - code
    - doc

- name: Password
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - (?<!by)pass(?!ed|ing|es|\s+[a-z]{3,80})|pw(d|\b)
  filter_type: PasswordKeyword
  use_ml: true
  min_line_len: 10
  required_substrings:
    - pass
    - pw
  target:
    - code

- name: PayPal Braintree Access Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>access_token\$production\$[0-9a-z]{16}\$[0-9a-z]{32})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - access_token$production$
  min_line_len: 72
  target:
    - code
    - doc

- name: PEM Private Key
  severity: high
  confidence: strong
  type: pem_key
  values:
    - (?P<value>-----BEGIN\s(?!ENCRYPTED)[^-]*PRIVATE[^-]*KEY[^-]{0,40}-----(.+-----END[^-]+KEY[^-]{0,40}-----)?)
  min_line_len: 27
  target:
    - code
    - doc

- name: BASE64 encoded PEM Private Key
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>[0-9A-Za-z_/+-]*LS0t(LS1CRUdJTiB|LUJFR0lOI|QkVHSU4g)[0-9A-Za-z_/+-]{0,11}(UFJJVkFURSBLRVkt|QUklWQVRFIEtFWS0t|FBSSVZBVEUgS0VZ)[0-9A-Za-z_/+-]+LS0t[0-9A-Za-z_/+-]+)
  filter_type:
    - ValueBase64EncodedPem
  min_line_len: 300
  required_substrings:
    - UFJJVkFURSBLRVkt
    - QUklWQVRFIEtFWS0t
    - FBSSVZBVEUgS0VZ
  target:
    - code
    - doc

- name: BASE64 Private Key
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>\bMII[A-Za-f][0-9A-Za-z/+]{8}(?s:[^!#$&()*\-.:;<=>?@\[\]^_{|}~]{8,8000}))
  filter_type:
    - ValueBase64KeyCheck
  min_line_len: 160
  required_substrings:
    - MII
  target:
    - code
    - doc

- name: Picatic API Key
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>sk_live_[0-9a-z]{32})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - sk_live_
  min_line_len: 40
  target:
    - code
    - doc

- name: Secret
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - secret
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 14
  required_substrings:
    - secret
  target:
    - code

- name: SendGrid API Key
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?P<value>SG\.[\w_]{16,32}\.[\w_]{16,64})
  filter_type: GeneralPattern
  required_substrings:
    - SG.
  min_line_len: 34
  target:
    - code
    - doc

- name: Shopify Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>shp(at|ca|pa|ss)_[a-fA-F0-9]{32})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  required_substrings:
    - shp
  min_line_len: 38
  target:
    - code
    - doc

- name: Slack Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>xox[aboprst]\-[-a-zA-Z0-9]{10,250})
  filter_type: GeneralPattern
  validations:
    - SlackTokenValidation
  required_substrings:
    - xox
  min_line_len: 15
  target:
    - code
    - doc

- name: Slack Webhook
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>hooks\.slack\.com/services/T[0-9A-Z]{8,16}/B[0-9A-Z]{8,16}/\w{24})
  filter_type: GeneralPattern
  required_substrings:
    - hooks.slack.com/services/T
  min_line_len: 61
  target:
    - code
    - doc

- name: Stripe Standard API Key
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>sk_live_[0-9a-zA-Z]{24})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  validations:
    - StripeApiKeyValidation
  required_substrings:
    - sk_live_
  min_line_len: 32
  target:
    - code
    - doc

- name: Stripe Restricted API Key
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>rk_live_[0-9a-zA-Z]{24})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - rk_live_
  min_line_len: 32
  target:
    - code
    - doc

- name: Square Access Token
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>EAAA[0-9A-Za-z_-]{60})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  validations:
    - SquareAccessTokenValidation
  required_substrings:
    - EAAA
  min_line_len: 64
  target:
    - code
    - doc

- name: Square Client ID
  severity: medium
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>sq0[a-z]{3}-[0-9A-Za-z_-]{22})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  validations:
    - SquareClientIdValidation
  required_substrings:
    - sq0
  min_line_len: 29
  target:
    - code
    - doc

- name: Square OAuth Secret
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>sq0csp-[0-9A-Za-z_-]{43})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - sq0csp
  min_line_len: 50
  target:
    - code
    - doc

- name: Token
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - token(?!ize)
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 13
  required_substrings:
    - token
  target:
    - code

- name: Twilio API Key
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>SK[0-9a-fA-F]{32})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - SK
  min_line_len: 34
  target:
    - code
    - doc

- name: URL Credentials
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?P<value_leftquote>["'])?\w{2,80}://[\w%.:-]*(?P<separator>:)(?P<value>[^\s/\@:]{3,80})@[\w.-]+\\*(?P<value_rightquote>["'])?
  filter_type: UrlCredentialsGroup
  use_ml: true
  required_substrings:
    - ://
  min_line_len: 10
  target:
    - code

- name: Auth
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - auth(?!ors?(?!i[tz]))
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 12
  required_substrings:
    - auth
  target:
    - code

- name: Key
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - key(?!word|board|pad|name)
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 11
  required_substrings:
    - key
  target:
    - code

- name: Telegram Bot API Token
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?P<value>[0-9]{8,10}:[0-9A-Za-z_-]{35})(?![=0-9A-Za-z_+-])
  filter_type: GeneralPattern
  required_substrings:
    - :AA
  min_line_len: 45
  target:
    - code
    - doc

- name: PyPi API Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?P<value>pypi-[\w_\-]{150,8000})
  filter_type: GeneralPattern
  required_substrings:
    - pypi-
  min_line_len: 155
  target:
    - code
    - doc

- name: Github Classic Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>gh[pousr]_[0-9A-Za-z_]{36,255})
  filter_type:
    - ValueGitHubCheck
  validations:
    - GithubTokenValidation
  required_substrings:
    - ghp_
    - gho_
    - ghu_
    - ghs_
    - ghr_
  min_line_len: 40
  target:
    - code
    - doc

- name: Github Fine-granted Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>github_pat_[0-9A-Za-z_]{80,255})
  filter_type: GeneralPattern
  validations:
    - GithubTokenValidation
  required_substrings:
    - github_pat_
  min_line_len: 90
  target:
    - code
    - doc

- name: Firebase Domain
  severity: info
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_])(?P<value>[a-z0-9.-]+\.firebaseio\.com|[a-z0-9.-]+\.firebaseapp\.com)
  filter_type: GeneralPattern
  required_substrings:
    - .firebase
  min_line_len: 16
  target:
    - code
    - doc

- name: AWS S3 Bucket
  severity: info
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_])(?P<value>[a-z0-9.-]{3,63}\.s3\.amazonaws\.com|[a-z0-9.-]{3,63}\.s3-website[.-](eu|ap|us|ca|sa|cn))
  filter_type: GeneralPattern
  required_substrings:
    - .s3-website
    - .s3.amazonaws.com
  min_line_len: 14
  target:
    - code
    - doc

- name: Nonce
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - nonce
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 13
  required_substrings:
    - nonce
  target:
    - code

- name: Salt
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - salt
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 12
  required_substrings:
    - salt
  target:
    - code

- name: Certificate
  severity: medium
  confidence: moderate
  type: keyword
  values:
    - cert
  filter_type: GeneralKeyword
  use_ml: true
  min_line_len: 12
  required_substrings:
    - cert
  target:
    - code

- name: Jfrog Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>(cmVmdGtuO[0-9A-Za-z_-]{55}|AKCp[0-9A-Za-z_-]{69}))(?![=0-9A-Za-z_+-])
  filter_type:
    - ValueJfrogTokenCheck
  required_substrings:
    - cmVmdGtuO
    - AKCp
  min_line_len: 64
  target:
    - code
    - doc

- name: Azure Access Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>eyJ[A-Za-z0-9_=-]{50,500}\.eyJ[A-Za-z0-9_=-]+\.[A-Za-z0-9_=-]+)
  filter_type:
    - ValueJsonWebTokenCheck
  required_substrings:
    - eyJ
  min_line_len: 148
  target:
    - code
    - doc

- name: Azure Secret Value
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>[a-zA-Z0-9_~.-]{3}8Q~[a-zA-Z0-9_~.-]{34})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 40
  required_substrings:
    - 8Q~
  target:
    - code
    - doc

- name: Bitbucket App Password
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>ATBB[A-Za-z0-9]{24}[A-F0-9]{8})(?![=0-9A-Za-z_+-])
  filter_type:
    - ValueAtlassianTokenCheck
  min_line_len: 28
  required_substrings:
    - ATBB
  target:
    - code
    - doc

- name: Bitbucket Repository Access Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>ATCTT3xFfGN0[a-zA-Z0-9-_]{171}=[A-F0-9]{8})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 183
  required_substrings:
    - ATCTT3xFfGN0
  target:
    - code
    - doc

- name: Bitbucket HTTP Access Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>BBDC-[NMO][ADgjQTwz][A-Za-z0-9+/]{42})(?![=0-9A-Za-z_+-])
  filter_type:
    - ValueAtlassianTokenCheck
  min_line_len: 49
  required_substrings:
    - BBDC-
  target:
    - code
    - doc

- name: Bitbucket Client ID
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9]{18}([a-zA-Z0-9]{14})?)(?![0-9A-Za-z.$_/+-])
  filter_type: WeirdBase64Token
  min_line_len: 18
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: Bitbucket Client Secret
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>([a-zA-Z0-9_-]{32}){1,2})(?![0-9A-Za-z.$_/+-])
  filter_type: WeirdBase64Token
  min_line_len: 32
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: Jira / Confluence PAT token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_/+-])(?P<value>[NMO][ADgjQTwz][a-zA-Z0-9+/]{42})(?![=0-9A-Za-z_+-])
  filter_type:
    - ValueAtlassianTokenCheck
  min_line_len: 44
  required_substrings:
    - M
    - N
    - O
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: Atlassian Old PAT token
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9]{24})(?![=0-9A-Za-z.$_/+-])
  filter_type: WeirdBase64Token
  min_line_len: 24
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: Atlassian PAT token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>ATATT3xFfGF0[a-zA-Z0-9-_]{171}=[A-F0-9]{8})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 191
  required_substrings:
    - ATATT3xFfGF0
  target:
    - code
    - doc

- name: Digital Ocean Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>do[op]_v1_[a-f0-9]{64})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 71
  required_substrings:
    - doo_v1_
    - dop_v1_
  target:
    - code
    - doc

- name: Dropbox OAuth2 API Access Token
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>sl.[A-Za-z0-9_-]{135})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 138
  required_substrings:
    - sl.
  target:
    - code
    - doc

- name: NuGet API key
  severity: high
  confidence: moderate
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>oy2[a-z0-9]{43})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 46
  required_substrings:
    - oy2
  target:
    - code
    - doc

- name: Gitlab PAT
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>glpat-[a-zA-Z0-9_-]{20})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 26
  required_substrings:
    - glpat-
  target:
    - code
    - doc

- name: Gitlab Pipeline Trigger Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>glptt-[a-f0-9]{40})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 46
  required_substrings:
    - glptt-
  target:
    - code
    - doc

- name: Gitlab Registration Runner Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>GR1348941[a-zA-Z0-9_-]{20})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 29
  required_substrings:
    - GR1348941
  target:
    - code
    - doc

- name: Gitlab Registration Runner Token 2023
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>glrt-[a-zA-Z0-9_-]{20})(?![=0-9A-Za-z_+-])
  filter_type: TokenPattern
  min_line_len: 25
  required_substrings:
    - glrt-
  target:
    - code
    - doc

- name: Grafana Provisioned API Key
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>eyJ[a-zA-Z0-9=/-]{64,360})(?![=0-9A-Za-z_+-])
  filter_type:
    - ValueGrafanaCheck
  min_line_len: 67
  required_substrings:
    - eyJ
  target:
    - code
    - doc

- name: Grafana Access Policy Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?P<value>glc_eyJ[a-zA-Z0-9=/-]{80,360})(?![=0-9A-Za-z_+-])
  filter_type:
    - ValueGrafanaCheck
  min_line_len: 87
  required_substrings:
    - glc_eyJ
  target:
    - code
    - doc

- name: Dropbox API secret (long term)
  severity: high
  confidence: weak
  type: pattern
  values:
    - (?<![0-9A-Za-z_+-])(?=[A-Za-z0-9]{64})(?P<value>[A-Za-z0-9]{10,12}[B-Za-z0-9]A{10,12}[B-Za-z0-9][A-Za-z0-9]{40,44})(?![=0-9A-Za-z_+-])
  filter_type: []
  min_line_len: 43
  required_substrings:
    - AAAAAAAAAA
  target:
    - code
    - doc

- name: Dropbox App secret
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>[a-z0-9]{15})(?![=0-9A-Za-z_/+-])
  filter_type: WeirdBase36Token
  min_line_len: 15
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: Gitlab Incoming Email Token
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>[a-z0-9]{24,25})(?![=0-9A-Za-z_/+-])
  filter_type: WeirdBase36Token
  min_line_len: 24
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: Gitlab Feed Token
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9_-]{20})(?![=0-9A-Za-z_/+-])
  filter_type: WeirdBase64Token
  min_line_len: 20
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: Jira 2FA
  severity: info
  confidence: weak
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>[A-Z2-7]{16})(?![=0-9A-Za-z_/+-])
  filter_type:
    - ValueCoupleKeywordCheck
    - ValuePatternCheck
    - ValueEntropyBase32Check
    - ValueBase32DataCheck
    - ValueTokenBase32Check
  min_line_len: 16
  required_regex: "[a-zA-Z0-9_/+-]{15,80}"
  target:
    - code
    - doc

- name: OpenAI Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>sk-\w{20}T3BlbkFJ\w{20})(?![=0-9A-Za-z_/+-])
  min_line_len: 51
  required_regex: T3BlbkFJ
  target:
    - code
    - doc

- name: Docker Swarm Token
  severity: high
  confidence: strong
  type: pattern
  values:
    - (?<![.0-9A-Za-z_/+-])(?P<value>SWMTKN-1-[0-9a-z]{50}-[0-9a-z]{25})(?![=0-9A-Za-z_/+-])
  min_line_len: 85
  filter_type:
    - ValueCoupleKeywordCheck
  required_regex: SWMTKN-1-
  target:
    - code
    - doc