1- name: DOC_GET
2 severity: medium
3 confidence: moderate
4 type: pattern
5 values:
6 - (?P<variable>(\w*(?i:비밀번호|비번|패스워드|키|암호화?|토큰|(?<!by)pass(?!e[dns]|ing|ion|age)|\bpwd?\b|token(?!ize)|secret|key(?!word|board|pad)|cred)\w*)\s*(설정은|[=:!]{1,3}))?\s*([._0-9A-Za-z\[\]]*get(env)?\s*\(\s*(?(variable)[^,]+|[\"'\\]*(\\*([\"']|&(quot|apos|#3[49]);)){0,4}(\w*(?i:(?<!by)pass(?!e[dns]|ing|ion|age|\s+[a-z]{3,64})|\bpwd?\b|token|secret|key|cred)\w*))(\\*([\"']|&(quot|apos|#3[49]);)){0,4})\s*(,(\s*default\s*=)?|\)\s*or)\s*([brufl@]{1,2}(?=\\*[\"'&]))?(?P<lq>(\\*([\"']|&(quot|apos|#3[49]);)){1,4})(?P<value>(.(?!(?P=lq))){4,8000}.?)
7 filter_type:
8 - ValueAllowlistCheck
9 - ValueBlocklistCheck
10 - LineGitBinaryCheck
11 - LineUUEPartCheck
12 - ValueFilePathCheck
13 - ValuePatternCheck(5)
14 min_line_len: 8
15 required_substrings:
16 - pass
17 - pw
18 - token
19 - secret
20 - key
21 - cred
22 - 비밀번호
23 - 비번
24 - 패스워드
25 - 암호
26 - 키
27 - 토큰
28 target:
29 - doc
30 use_ml: true
31
32- name: DOC_CREDENTIALS
33 severity: medium
34 confidence: moderate
35 type: pattern
36 values:
37 - (?P<wrap>[\"'`(])?\s*(?P<variable>(\w*(?i:(?<!by)passw?o?r?d?s?(?!e[dns]|ing|ion|age)|pwd?\b|\bp/w\b|token(?!ize)|secret|key(?!word|board|pad)|credential)\w*|비밀번호|비번|패스워드|키|암호화?|토큰))[\"'`]*(\s+(?i:is|are|was|were)(\s*[:-])?\s+|\s*(?P<separator>설정은|:=|:(?!:)|=(>|>|(\\\\*u00|%)26gt;)|!==|!=|===|==|=~|=|%3[Dd])\s*)(?P<quote>[\"'`]{1,6})?(?P<value>(?(quote)(?(wrap)[^\"'`)]{4,8000}|[^\"'`]{4,8000})|(?(wrap)[^\"'`)]{4,8000}|\S{4,8000})))
38 filter_type:
39 - ValueAllowlistCheck
40 - ValueBlocklistCheck
41 - LineGitBinaryCheck
42 - LineUUEPartCheck
43 - ValueFilePathCheck
44 - ValuePatternCheck(5)
45 - ValueSealedSecretCheck
46 min_line_len: 8
47 required_substrings:
48 - pass
49 - sword
50 - pw
51 - p/w
52 - paasw
53 - 비밀번호
54 - 비번
55 - 패스워드
56 - 암호
57 - token
58 - secret
59 - key
60 - credential
61 - 키
62 - 토큰
63 target:
64 - doc
65 use_ml: true
66
67- name: SECRET_PAIR
68 severity: medium
69 confidence: moderate
70 type: pattern
71 values:
72 - (?P<variable>[\"'`]?(?i:token|secret|key|키|암호화?|토큰)[\"'`]?)((\s)*(?P<separator>설정은|:=|:(?!:)|=(>|>|(\\\\*u00|%)26gt;)|!==|!=|===|==|=~|=|%3[Dd])(\s)*)(?P<quote>[\"'`(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,80}(?(a)(?(b)(?(c)((?(quote)[^)\"'`]{1,8000}|([0-9A-Za-z/_+=~!@#$%^&*;:?-]{1,8000}|\b))|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)\"'`])
73 filter_type:
74 - ValueAllowlistCheck
75 - ValuePatternCheck(4)
76 - ValueEntropyBase64Check
77 - ValueMorphemesCheck
78 - ValueSealedSecretCheck
79 min_line_len: 16
80 required_substrings:
81 - token
82 - secret
83 - key
84 - 키
85 - 암호
86 - 토큰
87 target:
88 - doc
89 use_ml: true
90
91- name: PASSWD_PAIR
92 severity: medium
93 confidence: moderate
94 type: pattern
95 values:
96 - (?P<variable>[\"'`]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|p/w|비밀번호|비번|패스워드|암호)[\"'`]?)((\s)*(?P<separator>설정은|:=|:(?!:)|=(>|>|(\\\\*u00|%)26gt;)|!==|!=|===|==|=~|=|%3[Dd])(\s)*)(?P<quote>[\"'`(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,64}(?(a)(?(b)(?(c)((?(quote)[^)\"'`]{1,8000}|([0-9A-Za-z/_+=~!@#$%^&*;:?-]{1,8000}|\b))|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)\"'`])
97 filter_type:
98 - ValueAllowlistCheck
99 - ValuePatternCheck(4)
100 - ValueDictionaryKeywordCheck
101 - LineGitBinaryCheck
102 - LineUUEPartCheck
103 - ValueFilePathCheck
104 - ValueHexNumberCheck
105 - ValueSealedSecretCheck
106 min_line_len: 10
107 required_substrings:
108 - pass
109 - sword
110 - pw
111 - p/w
112 - paasw
113 - 비밀번호
114 - 비번
115 - 패스워드
116 - 암호
117 target:
118 - doc
119 use_ml: true
120
121- name: IP_ID_PASSWORD_TRIPLE
122 severity: medium
123 confidence: moderate
124 type: pattern
125 values:
126 - (^|\s|(?P<variable>(?i:\bip[\s/]{1,80}id[\s/]{1,80}pw[\s/:]{0,80}))|(?P<url>://))(?P<ip>(?<![0-9.])[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}(?![0-9.]))((\s*[(])?|(?(variable)[\s,/]{1,80}|(?(url)[,]|[,/])))\s*\w[\w.-]{3,80}[\s,/]{1,80}(?P<value>(?(url)(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_+=~!@#$%^&*;?-])){7,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)|(?-i:(?P<e>[A-Z])|(?P<f>[a-z])|(?P<g>[0-9/_+=~!@#$%^&*;?-])){7,64}(?(e)(?(f)(?(g)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)))(?:\s|[^/]|$)
127 filter_type:
128 - ValueAllowlistCheck
129 - ValuePatternCheck(4)
130 - ValueDictionaryKeywordCheck
131 min_line_len: 10
132 required_substrings:
133 - "."
134 target:
135 - doc
136 use_ml: true
137
138- name: ID_PAIR_PASSWD_PAIR
139 severity: medium
140 confidence: moderate
141 type: pattern
142 values:
143 - (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swords?|passwd?|pwd|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*(?P<quote>[\"'`]{1,8})?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)(?P=quote)|(\s|$))
144 - (?P<ddash>--)?(?P<variable>(?i:user\s*)?(?i:id|login|account|root|admin|user|name|wifi|role|host|default|계정|아이디))\s*?(?(ddash)[ =]|[ :=])\s*?(?P<value>\S+)
145 filter_type:
146 - ValueAllowlistCheck
147 - ValuePatternCheck(4)
148 min_line_len: 10
149 required_substrings:
150 - pass
151 - sword
152 - p/w
153 - pw
154 - 비밀번호
155 - 비번
156 - 패스워드
157 - 암호
158 target:
159 - doc
160 use_ml: true
161
162- name: ID_PASSWD_PAIR
163 severity: medium
164 confidence: moderate
165 type: pattern
166 values:
167 - (?P<variable>[\w.-]{0,80}(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]{0,80}(?(id)[ :(/]{1,80}|[:(/]{1,80})(?i:pa[as]swo?r?ds?|pwd?|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]{1,80}|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,64})[ :\(/\"',]{1,80}(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))
168 filter_type:
169 - ValueAllowlistCheck
170 - ValuePatternCheck(4)
171 - ValueDictionaryKeywordCheck
172 min_line_len: 10
173 required_substrings:
174 - pw
175 - pass
176 - sword
177 - 비밀번호
178 - 비번
179 - 패스워드
180 - 암호
181 target:
182 - doc
183 use_ml: true
184
185- name: UUID
186 severity: info
187 confidence: strong
188 type: pattern
189 values:
190 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})(?![0-9A-Za-z_+-])
191 min_line_len: 36
192 required_substrings:
193 - "-"
194 filter_type:
195 - ValuePatternCheck(4)
196 use_ml: false
197 target:
198 - code
199 - doc
200
201- name: Akamai Credentials
202 severity: high
203 confidence: strong
204 type: pattern
205 values:
206 - (?P<value>akab-[0-9a-z]{16}-[0-9a-z]{16})(?!\.[0-9a-z-]{1,80}\.akamaiapis\.net)
207 filter_type: GeneralPattern
208 required_substrings:
209 - akab-
210 min_line_len: 38
211 target:
212 - code
213 - doc
214
215- name: Amazon Bedrock API Key
216 severity: high
217 confidence: moderate
218 type: pattern
219 values:
220 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(ABSK|bedrock-api-key-)[0-9A-Za-z/+]{28,800})(?![0-9A-Za-z/+])
221 filter_type: GeneralPattern
222 required_substrings:
223 - ABSK
224 - bedrock-api-key-
225 min_line_len: 44
226 target:
227 - code
228 - doc
229
230- name: AWS Client ID
231 severity: high
232 confidence: moderate
233 type: pattern
234 values:
235 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(A3T[0-9A-Z]|ABIA|ACCA|AGPA|AIDA|AIPA|AKIA|ANPA|ANVA|AROA|APKA|ASCA|ASIA)[0-9A-Z]{16,17})(?![0-9A-Za-z_+-])
236 filter_type: GeneralPattern
237 required_substrings:
238 - A3T
239 - ABIA
240 - ACCA
241 - AGPA
242 - AIDA
243 - AIPA
244 - AKIA
245 - ANPA
246 - ANVA
247 - AROA
248 - APKA
249 - ASCA
250 - ASIA
251 min_line_len: 20
252 required_regex: "[0-9A-Za-z_/+-]{15}"
253 target:
254 - code
255 - doc
256
257- name: AWS Multi
258 severity: high
259 confidence: moderate
260 type: multi
261 values:
262 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>A(KIA|SIA)[0-9A-Z]{16})(?![0-9A-Za-z_])
263 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>((?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/+])){40,44}(?(a)(?(b)(?(c)\b|(?!x)x)|(?!x)x)|(?!x)x))(?![0-9A-Za-z/+])
264 filter_type:
265 - LineSpecificKeyCheck
266 - ValuePatternCheck
267 - ValueBase64PartCheck
268 - ValueMorphemesCheck
269 required_substrings:
270 - AKIA
271 - ASIA
272 min_line_len: 20
273 required_regex: "[0-9A-Za-z_/+-]{15}"
274 target:
275 - code
276 - doc
277
278- name: AWS MWS Key
279 severity: high
280 confidence: strong
281 type: pattern
282 values:
283 - (?P<value>amzn\.mws\.[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})(?![0-9A-Za-z_-])
284 filter_type: GeneralPattern
285 required_substrings:
286 - amzn.mws.
287 min_line_len: 30
288 target:
289 - code
290 - doc
291
292- name: Dynatrace API Token
293 severity: high
294 confidence: moderate
295 type: pattern
296 values:
297 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>dt0[A-Za-z]{1}[0-9]{2}\.[0-9A-Z]{24}\.[0-9A-Z]{64})(?![0-9A-Za-z_-])
298 filter_type: TokenPattern
299 required_substrings:
300 - dt0
301 min_line_len: 90
302 target:
303 - code
304 - doc
305
306- name: Facebook Access Token
307 severity: high
308 confidence: moderate
309 type: pattern
310 values:
311 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>EAA[0-9A-Za-z]{80,800})
312 filter_type:
313 - ValuePatternCheck
314 - ValueBase64PartCheck
315 - ValueNotPartEncodedCheck
316 required_substrings:
317 - EAA
318 min_line_len: 80
319 target:
320 - code
321 - doc
322
323- name: Facebook App Token
324 severity: high
325 confidence: moderate
326 type: pattern
327 values:
328 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9]{12,18}\|[0-9A-Za-z_-]{24,28})(?![0-9A-Za-z_+-])
329 filter_type: TokenPattern
330 required_substrings:
331 - "|"
332 required_regex: "[0-9A-Za-z_/+-]{15}"
333 min_line_len: 33
334 target:
335 - code
336 - doc
337
338- name: Google API Key
339 severity: high
340 confidence: moderate
341 type: pattern
342 values:
343 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>AIza[0-9A-Za-z_-]{35})
344 filter_type: TokenPattern
345 required_substrings:
346 - AIza
347 min_line_len: 39
348 target:
349 - code
350 - doc
351
352- name: Google Multi
353 severity: high
354 confidence: moderate
355 type: multi
356 values:
357 - (?P<value>[0-9]{3,80}-[0-9a-z_]{32}\.apps\.googleusercontent\.com)
358 - \b(?P<value>GOCSPX-[0-9A-Za-z_-]{28}|((?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_-])){24,80}(?(a)(?(b)(?(c)\b|(?!x)x)|(?!x)x)|(?!x)x))
359 filter_type: GeneralPattern
360 required_substrings:
361 - .apps.googleusercontent.com
362 min_line_len: 40
363 target:
364 - code
365 - doc
366
367- name: Google OAuth Secret
368 severity: high
369 confidence: strong
370 type: pattern
371 values:
372 - (?P<value>GOCSPX-[0-9A-Za-z_-]{28})(?![0-9A-Za-z_-])
373 filter_type: TokenPattern
374 required_substrings:
375 - GOCSPX-
376 min_line_len: 40
377 target:
378 - code
379 - doc
380
381- name: Google OAuth Access Token
382 severity: high
383 confidence: moderate
384 type: pattern
385 values:
386 - (?P<value>ya29\.[0-9A-Za-z_-]{22,8000})
387 filter_type: TokenPattern
388 required_substrings:
389 - ya29.
390 min_line_len: 27
391 target:
392 - code
393 - doc
394
395- name: Google OAuth Refresh Token
396 severity: medium
397 confidence: weak
398 type: pattern
399 values:
400 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>1//0[0-9A-Za-z_-]{80,8000})
401 filter_type: TokenPattern
402 required_substrings:
403 - 1//0
404 min_line_len: 84
405 target:
406 - code
407 - doc
408
409- name: Heroku Credentials
410 severity: high
411 confidence: strong
412 type: pattern
413 values:
414 - (?P<value>HRKU-([0-9A-Za-z_-]{60}|[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}))
415 filter_type: TokenPattern
416 required_substrings:
417 - HRKU-
418 min_line_len: 41
419 target:
420 - code
421 - doc
422
423- name: Instagram Access Token
424 severity: high
425 confidence: strong
426 type: pattern
427 values:
428 - (?P<value>IGQVJ[=0-9A-Za-z_-]{100,8000})(?![=0-9A-Za-z_-])
429 filter_type: TokenPattern
430 required_substrings:
431 - IGQVJ
432 min_line_len: 105
433 target:
434 - code
435 - doc
436
437- name: JSON Web Token
438 severity: medium
439 confidence: strong
440 type: pattern
441 values:
442 - (?P<value>eyJ[=0-9A-Za-z_+/-]{15,8000}(\.[=0-9A-Za-z_+/-]{0,8000}){2,16})(?![=0-9A-Za-z_-])
443 filter_type:
444 - ValueJsonWebTokenCheck
445 required_substrings:
446 - eyJ
447 min_line_len: 64
448 target:
449 - code
450 - doc
451
452- name: JSON Web Key
453 severity: medium
454 confidence: strong
455 type: pattern
456 values:
457 - (?P<value>\b(e(yJ|yAi|woi|wog|w0K)|W(yJ|3si|wp7|wog|w0K|3sK))[0-9A-Za-z_+/-]{60,8000})
458 filter_type:
459 - ValueJsonWebKeyCheck
460 required_substrings:
461 - eyJ
462 - eyAi
463 - ewoi
464 - ewog
465 - ew0K
466 - WyJ
467 - W3si
468 - Wwp7
469 - Wwog
470 - Ww0K
471 - W3sK
472 min_line_len: 64
473 target:
474 - code
475 - doc
476
477- name: JWK
478 severity: medium
479 confidence: moderate
480 type: multi
481 values:
482 - (?P<value>['"]?\b(?P<variable>kty)[^0-9A-Za-z_-]{1,8}(RSA|EC|oct)\b['"]?)
483 - (?P<variable>\b[dk])[^0-9A-Za-z_-]{1,8}(?P<value>[0-9A-Za-z_-]{22,8000})(?![=0-9A-Za-z_-])
484 filter_type:
485 - ValuePatternCheck
486 - ValueMorphemesCheck
487 required_substrings:
488 - kty
489 min_line_len: 8
490 target:
491 - code
492 - doc
493
494- name: MailChimp API Key
495 severity: high
496 confidence: moderate
497 type: pattern
498 values:
499 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z_-]{32}-us[0-9]{1,2})(?![0-9A-Za-z_-])
500 filter_type: TokenPattern
501 required_substrings:
502 - -us
503 min_line_len: 35
504 target:
505 - code
506 - doc
507
508- name: MailGun API Key
509 severity: high
510 confidence: moderate
511 type: pattern
512 values:
513 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>key-[0-9a-z]{32}|[0-9a-f]{32}-[0-9a-f]{8}-[0-9a-f]{8})(?![0-9A-Za-z_-])
514 filter_type: TokenPattern
515 required_regex: "[0-9A-Za-z_/+-]{15}"
516 min_line_len: 36
517 target:
518 - code
519 - doc
520
521- name: PayPal Braintree Access Token
522 severity: high
523 confidence: strong
524 type: pattern
525 values:
526 - (?P<value>access_token\$production\$[0-9a-z]{16}\$[0-9a-z]{32})(?![0-9A-Za-z_-])
527 filter_type: GeneralPattern
528 required_substrings:
529 - access_token$production$
530 min_line_len: 72
531 target:
532 - code
533 - doc
534
535- name: PEM Private Key
536 severity: high
537 confidence: strong
538 type: pem_key
539 values:
540 - (?P<value>-----BEGIN(?![^-]*ENCRYPTED)[^-]*PRIVATE[^-]*KEY[^-]*-----)
541 min_line_len: 27
542 target:
543 - code
544 - doc
545
546- name: BASE64 encoded PEM Private Key
547 severity: high
548 confidence: strong
549 type: pattern
550 values:
551 - (?P<value>[0-9A-Za-z_/+-]{0,8000}LS0t(LS1CRUdJTiB|LUJFR0lOI|QkVHSU4g)[0-9A-Za-z_/+-]{0,11}(UFJJVkFURSBLRVkt|QUklWQVRFIEtFWS0t|FBSSVZBVEUgS0VZ)[0-9A-Za-z_/+-]{1,8000}LS0t[0-9A-Za-z_/+-]{1,8000})
552 filter_type:
553 - ValueBase64EncodedPem
554 min_line_len: 300
555 required_substrings:
556 - UFJJVkFURSBLRVkt
557 - QUklWQVRFIEtFWS0t
558 - FBSSVZBVEUgS0VZ
559 target:
560 - code
561 - doc
562
563- name: BASE64 Private Key
564 severity: high
565 confidence: strong
566 type: pattern
567 values:
568 - (?P<value>MII[A-Za-f][0-9A-Za-z/+]{8}(?s:[^!#$&()*\-.:;<=>?@\[\]^_{|}~]{8,8000}))
569 filter_type:
570 - ValueBase64KeyCheck
571 min_line_len: 160
572 required_substrings:
573 - MII
574 target:
575 - code
576 - doc
577
578- name: Picatic API Key
579 severity: high
580 confidence: strong
581 type: pattern
582 values:
583 - (?P<value>sk_live_[0-9a-z]{32})(?![0-9A-Za-z_-])
584 filter_type: GeneralPattern
585 required_substrings:
586 - sk_live_
587 min_line_len: 40
588 target:
589 - code
590 - doc
591
592- name: SendGrid API Key
593 severity: high
594 confidence: moderate
595 type: pattern
596 values:
597 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>SG\.[0-9A-Za-z_-]{16,32}\.[0-9A-Za-z_-]{16,64})
598 filter_type: TokenPattern
599 required_substrings:
600 - SG.
601 min_line_len: 34
602 target:
603 - code
604 - doc
605
606- name: Shopify Token
607 severity: high
608 confidence: strong
609 type: pattern
610 values:
611 - (?P<value>shp(at|ca|pa|ss|tka)_[0-9A-Fa-f]{32})(?![0-9A-Za-z_-])
612 filter_type: TokenPattern
613 required_substrings:
614 - shp
615 min_line_len: 38
616 target:
617 - code
618 - doc
619
620- name: Slack Token
621 severity: high
622 confidence: strong
623 type: pattern
624 values:
625 - (?P<value>(xapp|xox[a-z])\-[0-9A-Za-z-]{10,250})(?![0-9A-Za-z_-])
626 filter_type: TokenPattern
627 required_substrings:
628 - xox
629 - xapp
630 min_line_len: 15
631 target:
632 - code
633 - doc
634
635- name: Slack Webhook
636 severity: medium
637 confidence: strong
638 type: pattern
639 values:
640 - (?P<variable>hooks\.slack\.com/services)(?P<value>/T[0-9A-Z]{8,16}/B[0-9A-Z]{8,16}/[0-9A-Za-z_]{24})
641 filter_type: GeneralPattern
642 required_substrings:
643 - hooks.slack.com/services/T
644 min_line_len: 61
645 target:
646 - code
647 - doc
648
649- name: Stripe Credentials
650 severity: high
651 confidence: strong
652 type: pattern
653 values:
654 - (?P<value>(whsec|[prs]k_(test|live))_[0-9A-Za-z]{24,160})
655 filter_type: GeneralPattern
656 required_substrings:
657 - k_live_
658 - k_test_
659 - whsec_
660 min_line_len: 32
661 target:
662 - code
663 - doc
664
665- name: Square Access Token
666 severity: high
667 confidence: moderate
668 type: pattern
669 values:
670 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>EAAA[0-9A-Za-z_-]{60})(?![0-9A-Za-z_-])
671 filter_type:
672 - ValuePatternCheck
673 - ValueBase64PartCheck
674 required_substrings:
675 - EAAA
676 min_line_len: 64
677 target:
678 - code
679 - doc
680
681- name: Square Credentials
682 severity: medium
683 confidence: strong
684 type: pattern
685 values:
686 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>sq0[a-z]{3}-[0-9A-Za-z_-]{22}([0-9A-Za-z_-]{21})?)(?![0-9A-Za-z_-])
687 filter_type: TokenPattern
688 required_substrings:
689 - sq0
690 min_line_len: 29
691 target:
692 - code
693 - doc
694
695- name: Twilio Credentials
696 severity: high
697 confidence: moderate
698 type: pattern
699 values:
700 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(AC|AD|AL|CA|CF|CL|CN|CR|FW|IP|KS|MM|NO|PK|PN|QU|RE|SC|SD|SK|SM|TR|UT|XE|XR)[0-9A-Fa-f]{32})(?![0-9A-Za-z_+-])
701 filter_type: TokenPattern
702 required_substrings:
703 - AC
704 - AD
705 - AL
706 - CA
707 - CF
708 - CL
709 - CN
710 - CR
711 - FW
712 - IP
713 - KS
714 - MM
715 - "NO"
716 - PK
717 - PN
718 - QU
719 - RE
720 - SC
721 - SD
722 - SK
723 - SM
724 - TR
725 - UT
726 - XE
727 - XR
728 min_line_len: 34
729 target:
730 - code
731 - doc
732
733- name: Telegram Bot API Token
734 severity: high
735 confidence: moderate
736 type: pattern
737 values:
738 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9]{8,10}:[0-9A-Za-z_-]{35})(?![0-9A-Za-z_-])
739 filter_type: TokenPattern
740 required_substrings:
741 - :AA
742 min_line_len: 45
743 target:
744 - code
745 - doc
746
747- name: PyPi API Token
748 severity: high
749 confidence: strong
750 type: pattern
751 values:
752 - (?P<value>pypi-[0-9A-Za-z_-]{150,255})
753 filter_type: TokenPattern
754 required_substrings:
755 - pypi-
756 min_line_len: 155
757 target:
758 - code
759 - doc
760
761- name: NPM Token
762 severity: high
763 confidence: strong
764 type: pattern
765 values:
766 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>npm_[0-9A-Za-z_-]{36,255})
767 filter_type:
768 - ValueGitHubCheck
769 required_substrings:
770 - npm_
771 min_line_len: 40
772 target:
773 - code
774 - doc
775
776- name: Github Classic Token
777 severity: high
778 confidence: strong
779 type: pattern
780 values:
781 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>gh[pousr]_[0-9A-Za-z_-]{36,255})
782 filter_type:
783 - ValueGitHubCheck
784 required_substrings:
785 - ghp_
786 - gho_
787 - ghu_
788 - ghs_
789 - ghr_
790 min_line_len: 40
791 target:
792 - code
793 - doc
794
795- name: Github Fine-granted Token
796 severity: high
797 confidence: strong
798 type: pattern
799 values:
800 - (?P<value>github_pat_[0-9A-Za-z_]{80,255})
801 filter_type: GeneralPattern
802 required_substrings:
803 - github_pat_
804 min_line_len: 90
805 target:
806 - code
807 - doc
808
809- name: Firebase Domain
810 severity: info
811 confidence: moderate
812 type: pattern
813 values:
814 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9.-]{1,80}\.firebaseio\.com|[a-z0-9.-]{1,80}\.firebaseapp\.com)
815 filter_type: GeneralPattern
816 required_substrings:
817 - .firebase
818 min_line_len: 16
819 target:
820 - code
821 - doc
822
823- name: AWS S3 Bucket
824 severity: info
825 confidence: moderate
826 type: pattern
827 values:
828 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9.-]{3,63}\.s3\.amazonaws\.com|[a-z0-9.-]{3,63}\.s3-website[.-](eu|ap|us|ca|sa|cn))
829 filter_type: GeneralPattern
830 required_substrings:
831 - .s3-website
832 - .s3.amazonaws.com
833 min_line_len: 14
834 target:
835 - code
836 - doc
837
838- name: Jfrog Token
839 severity: high
840 confidence: strong
841 type: pattern
842 values:
843 - (?P<value>(cmVmdGtuO[0-9A-Za-z_-]{55}|AKCp[0-9A-Za-z_-]{69}))(?![0-9A-Za-z_-])
844 filter_type:
845 - ValueJfrogTokenCheck
846 required_substrings:
847 - cmVmdGtuO
848 - AKCp
849 min_line_len: 64
850 target:
851 - code
852 - doc
853
854- name: Azure Access Token
855 severity: high
856 confidence: strong
857 type: pattern
858 values:
859 - (?P<value>eyJ[=0-9A-Za-z_-]{50,500}\.eyJ[=0-9A-Za-z_-]{8,8000}\.[=0-9A-Za-z_-]{18,800})
860 filter_type:
861 - ValueAzureTokenCheck
862 required_substrings:
863 - eyJ
864 min_line_len: 148
865 target:
866 - code
867 - doc
868
869- name: Azure Secret Value
870 severity: high
871 confidence: moderate
872 type: pattern
873 values:
874 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z_~.-]{3}8Q~[0-9A-Za-z_~.-]{34})(?![0-9A-Za-z_-])
875 filter_type: TokenPattern
876 min_line_len: 40
877 required_substrings:
878 - 8Q~
879 target:
880 - code
881 - doc
882
883- name: Azure Storage Account Key
884 severity: high
885 confidence: moderate
886 type: pattern
887 values:
888 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z]{52}JQQJ9[9DH][0-9A-Za-z]{26}([0-9A-Za-z=]{4})?)(?![0-9A-Za-z_/+-])
889 min_line_len: 80
890 filter_type:
891 - ValuePatternCheck(17)
892 required_substrings:
893 - JQQJ99
894 - JQQJ9D
895 - JQQJ9H
896 target:
897 - code
898 - doc
899
900- name: Bitbucket App Password
901 severity: high
902 confidence: strong
903 type: pattern
904 values:
905 - (?P<value>ATBB[0-9A-Za-z]{24}[A-F0-9]{8})(?![0-9A-Za-z_])
906 filter_type:
907 - ValueAtlassianTokenCheck
908 min_line_len: 28
909 required_substrings:
910 - ATBB
911 target:
912 - code
913 - doc
914
915- name: Bitbucket Repository Access Token
916 severity: high
917 confidence: strong
918 type: pattern
919 values:
920 - (?P<value>ATCTT3xFfGN0[0-9A-Za-z_-]{80,800}(\\?=|%3[dD])[A-F0-9]{8})
921 filter_type:
922 - ValueAtlassianTokenCheck
923 min_line_len: 160
924 required_substrings:
925 - ATCTT3xFfGN0
926 target:
927 - code
928 - doc
929
930- name: Bitbucket HTTP Access Token
931 severity: high
932 confidence: strong
933 type: pattern
934 values:
935 - (?P<value>BBDC-[MNO][ADQTgjwz][AEIMQUYcgk][012345wxyz][0-9A-Za-z_-]{40})
936 filter_type:
937 - ValueAtlassianTokenCheck
938 min_line_len: 49
939 required_substrings:
940 - BBDC-
941 target:
942 - code
943 - doc
944
945- name: Jira / Confluence PAT token
946 severity: high
947 confidence: strong
948 type: pattern
949 values:
950 - (?<!BBDC-)(?P<value>[MNO][ADQTgjwz][AEIMQUYcgk][012345wxyz][0-9A-Za-z_-]{40})(?![0-9A-Za-z_-])
951 filter_type:
952 - ValueAtlassianTokenCheck
953 min_line_len: 44
954 required_substrings:
955 - M
956 - N
957 - O
958 required_regex: "[0-9A-Za-z_/+-]{15}"
959 target:
960 - code
961 - doc
962
963- name: Atlassian PAT token
964 severity: high
965 confidence: strong
966 type: pattern
967 values:
968 - (?P<value>ATATT3xFfGF0[0-9A-Za-z_-]{80,800}(\\?=|%3[dD])[A-F0-9]{8})
969 filter_type:
970 - ValueAtlassianTokenCheck
971 min_line_len: 160
972 required_substrings:
973 - ATATT3xFfGF0
974 target:
975 - code
976 - doc
977
978- name: Digital Ocean Token
979 severity: high
980 confidence: strong
981 type: pattern
982 values:
983 - (?P<value>do[opr]_v1_[a-f0-9]{64})(?![0-9A-Za-z_-])
984 filter_type: TokenPattern
985 min_line_len: 71
986 required_substrings:
987 - doo_v1_
988 - dop_v1_
989 - dor_v1_
990 target:
991 - code
992 - doc
993
994- name: Dropbox OAuth2 API Access Token
995 severity: high
996 confidence: moderate
997 type: pattern
998 values:
999 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>sl\.(u\.)?[0-9A-Za-z_-]{77,177})(?![0-9A-Za-z_-])
1000 filter_type: TokenPattern
1001 min_line_len: 80
1002 required_substrings:
1003 - sl.
1004 target:
1005 - code
1006 - doc
1007
1008- name: NuGet API key
1009 severity: high
1010 confidence: moderate
1011 type: pattern
1012 values:
1013 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>oy2[a-z0-9]{43})(?![0-9A-Za-z_-])
1014 filter_type: TokenPattern
1015 min_line_len: 46
1016 required_substrings:
1017 - oy2
1018 target:
1019 - code
1020 - doc
1021
1022- name: Gitlab Prefix Token
1023 severity: high
1024 confidence: strong
1025 type: pattern
1026 values:
1027 - (?P<value>(_gitlab_session=|GR1348941|gl(agent|soat|ffct|p[at]t|oas|cbt|imt|rtr|[dfrw]t)-)[0-9A-Za-z_-]{20,64}(\.[0-9A-Za-z_-]{2,16}){0,2})(?![0-9A-Za-z_-])
1028 filter_type:
1029 - ValuePatternCheck
1030 min_line_len: 25
1031 required_substrings:
1032 - _gitlab_session=
1033 - GR1348941
1034 - glagent-
1035 - glsoat-
1036 - glffct-
1037 - glpat-
1038 - gloas-
1039 - glptt-
1040 - glcbt-
1041 - glimt-
1042 - gldt-
1043 - glft-
1044 - glrt-
1045 - glrtr-
1046 - glwt-
1047 target:
1048 - code
1049 - doc
1050
1051- name: Grafana Provisioned API Key
1052 severity: high
1053 confidence: strong
1054 type: pattern
1055 values:
1056 - (?P<value>eyJ[=0-9A-Za-z_-]{64,360})(?![=0-9A-Za-z_-])
1057 filter_type:
1058 - ValueGrafanaCheck
1059 min_line_len: 67
1060 required_substrings:
1061 - eyJ
1062 target:
1063 - code
1064 - doc
1065
1066- name: Grafana Access Policy Token
1067 severity: high
1068 confidence: strong
1069 type: pattern
1070 values:
1071 - (?P<value>glc_eyJ[0-9A-Za-z_-]{80,360})(?![0-9A-Za-z_-])
1072 filter_type:
1073 - ValueGrafanaCheck
1074 min_line_len: 87
1075 required_substrings:
1076 - glc_eyJ
1077 target:
1078 - code
1079 - doc
1080
1081- name: Grafana Service Account Token
1082 severity: high
1083 confidence: strong
1084 type: pattern
1085 values:
1086 - (?P<value>glsa_[0-9A-Za-z_-]{32}_[0-9A-Fa-f]{8})
1087 min_line_len: 46
1088 filter_type:
1089 - ValueGrafanaServiceCheck
1090 required_substrings:
1091 - glsa_
1092 target:
1093 - code
1094 - doc
1095
1096- name: Dropbox API secret (long term)
1097 severity: high
1098 confidence: weak
1099 type: pattern
1100 values:
1101 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?=[0-9A-Za-z]{64})(?P<value>[0-9A-Za-z]{10,12}[B-Za-z0-9]A{10,12}[B-Za-z0-9][0-9A-Za-z]{40,44})(?![=0-9A-Za-z_/+-])
1102 filter_type: [ ]
1103 min_line_len: 43
1104 required_substrings:
1105 - AAAAAAAAAA
1106 target:
1107 - code
1108 - doc
1109
1110- name: Dropbox App secret
1111 severity: info
1112 confidence: weak
1113 type: pattern
1114 values:
1115 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9]{15})(?![=0-9A-Za-z_/+-])
1116 filter_type: WeirdBase36Token
1117 min_line_len: 15
1118 required_regex: "[0-9A-Za-z_/+-]{15}"
1119 target:
1120 - code
1121 - doc
1122
1123- name: Hashicorp Vault Token
1124 severity: high
1125 confidence: strong
1126 type: pattern
1127 values:
1128 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>hv[brs]\.[0-9A-Za-z_-]{80,160})
1129 filter_type:
1130 - ValuePatternCheck
1131 - ValueEntropyBase64Check
1132 min_line_len: 90
1133 required_substrings:
1134 - hvb.
1135 - hvr.
1136 - hvs.
1137 target:
1138 - code
1139 - doc
1140
1141- name: Hashicorp Terraform Token
1142 severity: high
1143 confidence: strong
1144 type: pattern
1145 values:
1146 - (?P<value>[0-9A-Za-z_-]{14}\.atlasv1\.[0-9A-Za-z_-]{67})(?![0-9A-Za-z_-])
1147 filter_type:
1148 - ValuePatternCheck
1149 - ValueMorphemesCheck
1150 min_line_len: 90
1151 required_substrings:
1152 - .atlasv1.
1153 target:
1154 - code
1155 - doc
1156
1157- name: NKEY Seed
1158 severity: high
1159 confidence: weak
1160 type: pattern
1161 values:
1162 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>S[ACNOPUX][A-Z2-7]{40,200})(?![=0-9A-Za-z_+-])
1163 min_line_len: 42
1164 filter_type:
1165 - ValueMorphemesCheck
1166 - ValuePatternCheck
1167 - ValueEntropyBase32Check
1168 - ValueBase32DataCheck
1169 - ValueTokenBase32Check
1170 required_substrings:
1171 - SA
1172 - SC
1173 - SN
1174 - SO
1175 - SP
1176 - SU
1177 - SX
1178 required_regex: "[0-9A-Za-z_/+-]{15}"
1179 target:
1180 - code
1181 - doc
1182
1183- name: OTP / 2FA Secret
1184 severity: info
1185 confidence: weak
1186 type: pattern
1187 values:
1188 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>([A-Z2-7]{16}){1,2})(?![=0-9A-Za-z_+-])
1189 filter_type:
1190 - ValueMorphemesCheck
1191 - ValuePatternCheck
1192 - ValueEntropyBase32Check
1193 - ValueBase32DataCheck
1194 - ValueTokenBase32Check
1195 - ValueBase64PartCheck
1196 min_line_len: 16
1197 required_regex: "[0-9A-Za-z_/+-]{15}"
1198 target:
1199 - code
1200 - doc
1201
1202- name: OpenAI Token
1203 severity: high
1204 confidence: strong
1205 type: pattern
1206 values:
1207 - (?P<value>sk-[0-9A-Za-z_-]{16,160}(T3BlbkFJ|9wZW5BS|PcGVuQU)[0-9A-Za-z_-]{16,160})
1208 min_line_len: 51
1209 filter_type:
1210 - ValuePatternCheck
1211 - ValueMorphemesCheck
1212 required_substrings:
1213 - T3BlbkFJ
1214 - 9wZW5BS
1215 - PcGVuQU
1216 target:
1217 - code
1218 - doc
1219
1220- name: Docker Access Token
1221 severity: high
1222 confidence: strong
1223 type: pattern
1224 values:
1225 - (?P<value>dckr_[op]at_[0-9A-Za-z_-]{27,32})
1226 min_line_len: 36
1227 filter_type:
1228 - ValuePatternCheck
1229 - ValueMorphemesCheck
1230 required_substrings:
1231 - dckr_pat_
1232 - dckr_oat_
1233 target:
1234 - code
1235 - doc
1236
1237- name: Docker Swarm Token
1238 severity: high
1239 confidence: strong
1240 type: pattern
1241 values:
1242 - (?P<value>SWMTKN-1-[0-9a-z]{50}-[0-9a-z]{25})
1243 min_line_len: 85
1244 filter_type:
1245 - ValuePatternCheck
1246 - ValueMorphemesCheck
1247 required_substrings:
1248 - SWMTKN-1-
1249 target:
1250 - code
1251 - doc
1252
1253- name: Docker Swarm Key
1254 severity: high
1255 confidence: strong
1256 type: pattern
1257 values:
1258 - (?P<value>SWMKEY-1-[0-9A-Za-z]{43})
1259 min_line_len: 52
1260 filter_type:
1261 - ValuePatternCheck
1262 - ValueMorphemesCheck
1263 required_substrings:
1264 - SWMKEY-1-
1265 target:
1266 - code
1267 - doc
1268
1269- name: Groq API Key
1270 severity: high
1271 confidence: strong
1272 type: pattern
1273 values:
1274 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>gsk_[0-9A-Za-z_-]{8,40}(WGdyb3FY|hncm9xW|YZ3JvcV)[0-9A-Za-z_-]{8,40})(?![0-9A-Za-z_-])
1275 min_line_len: 56
1276 filter_type:
1277 - ValuePatternCheck
1278 required_substrings:
1279 - WGdyb3FY
1280 - hncm9xW
1281 - YZ3JvcV
1282 target:
1283 - code
1284 - doc
1285
1286- name: X AI API Key
1287 severity: high
1288 confidence: moderate
1289 type: pattern
1290 values:
1291 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>xai-[0-9A-Za-z_-]{80})(?![0-9A-Za-z_-])
1292 min_line_len: 84
1293 filter_type:
1294 - ValuePatternCheck
1295 - ValueEntropyBase64Check
1296 required_substrings:
1297 - xai-
1298 target:
1299 - code
1300 - doc
1301
1302- name: Notion Integration Token
1303 severity: high
1304 confidence: strong
1305 type: pattern
1306 values:
1307 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>ntn_[0-9]{9}[0-9A-Za-z_-]{36,255})
1308 filter_type:
1309 - ValuePatternCheck
1310 - ValueEntropyBase64Check
1311 required_substrings:
1312 - ntn_
1313 min_line_len: 50
1314 target:
1315 - code
1316 - doc
1317
1318- name: Hugging Face User Access Token
1319 severity: high
1320 confidence: moderate
1321 type: pattern
1322 values:
1323 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>hf_[0-9A-Za-z_-]{34})(?![0-9A-Za-z_-])
1324 min_line_len: 37
1325 filter_type:
1326 - ValuePatternCheck
1327 - ValueEntropyBase64Check
1328 required_substrings:
1329 - hf_
1330 target:
1331 - code
1332 - doc
1333
1334- name: Anthropic API Key
1335 severity: high
1336 confidence: strong
1337 type: pattern
1338 values:
1339 - (?P<value>sk-ant-api03-[0-9A-Za-z_-]{64,128})(?![0-9A-Za-z_-])
1340 min_line_len: 77
1341 filter_type:
1342 - ValuePatternCheck
1343 required_substrings:
1344 - sk-ant-api03-
1345 target:
1346 - code
1347 - doc
1348
1349- name: Perplexity API Key
1350 severity: high
1351 confidence: strong
1352 type: pattern
1353 values:
1354 - (?P<value>pplx-[0-9A-Za-z_-]{40,64})(?![0-9A-Za-z_-])
1355 min_line_len: 45
1356 filter_type:
1357 - ValuePatternCheck
1358 required_substrings:
1359 - pplx-
1360 target:
1361 - code
1362 - doc
1363
1364- name: DeepSeek API Key
1365 severity: high
1366 confidence: moderate
1367 type: pattern
1368 values:
1369 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>sk-[0-9a-f]{32,64})(?![0-9A-Za-z_-])
1370 min_line_len: 35
1371 filter_type:
1372 - ValuePatternCheck
1373 required_substrings:
1374 - sk-
1375 target:
1376 - code
1377 - doc
1378
1379- name: Tavily API Key
1380 severity: high
1381 confidence: strong
1382 type: pattern
1383 values:
1384 - (?P<value>tvly-[0-9A-Za-z_-]{32,40})(?![0-9A-Za-z_-])
1385 min_line_len: 37
1386 filter_type:
1387 - ValuePatternCheck
1388 required_substrings:
1389 - tvly-
1390 target:
1391 - code
1392 - doc
1393
1394- name: Figma Personal Access Token
1395 severity: high
1396 confidence: strong
1397 type: pattern
1398 values:
1399 - (?P<value>figd_[0-9A-Za-z_-]{40})(?![0-9A-Za-z_-])
1400 min_line_len: 45
1401 filter_type:
1402 - ValuePatternCheck
1403 required_substrings:
1404 - figd_
1405 target:
1406 - code
1407 - doc
1408
1409- name: 1Password Account Token
1410 severity: high
1411 confidence: strong
1412 type: pattern
1413 values:
1414 - (?P<value>ops_eyJ[0-9A-Za-z_-]{168,8000})
1415 min_line_len: 192
1416 filter_type:
1417 - ValuePatternCheck
1418 required_substrings:
1419 - InNlY3JldEtleSI6
1420 - JzZWNyZXRLZXkiO
1421 - ic2VjcmV0S2V5Ij
1422 target:
1423 - code
1424 - doc
1425
1426- name: Brevo API Key
1427 severity: high
1428 confidence: strong
1429 type: pattern
1430 values:
1431 - (?P<value>xkeysib-[0-9a-f]{64}-[0-9A-Za-z_-]{16})
1432 min_line_len: 89
1433 filter_type:
1434 - ValuePatternCheck
1435 required_substrings:
1436 - xkeysib-
1437 target:
1438 - code
1439 - doc
1440
1441- name: Together AI API Key
1442 severity: high
1443 confidence: strong
1444 type: pattern
1445 values:
1446 - (?P<value>tgp_v1_[0-9A-Za-z_-]{43})
1447 min_line_len: 50
1448 filter_type:
1449 - ValuePatternCheck
1450 required_substrings:
1451 - tgp_v1_
1452 target:
1453 - code
1454 - doc
1455
1456- name: LLAMA API Key
1457 severity: high
1458 confidence: strong
1459 type: pattern
1460 values:
1461 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>llx-[0-9A-Za-z_-]{48})
1462 min_line_len: 52
1463 filter_type:
1464 - ValuePatternCheck
1465 required_substrings:
1466 - llx-
1467 target:
1468 - code
1469 - doc
1470
1471- name: SonarQube Credentials
1472 severity: medium
1473 confidence: moderate
1474 type: pattern
1475 values:
1476 - (?P<value>sq[apu]_[0-9a-f]{40})(?![0-9A-Za-z_-])
1477 min_line_len: 44
1478 filter_type:
1479 - ValuePatternCheck
1480 required_substrings:
1481 - sqa_
1482 - sqp_
1483 - squ_
1484 target:
1485 - code
1486 - doc
1487
1488- name: Sentry Organization Auth Token
1489 severity: high
1490 confidence: strong
1491 type: pattern
1492 values:
1493 - (?P<value>sntrys_eyJ[0-9A-Za-z_-]{80,8000}=*([0-9A-Za-z_-]{32,256})?)(?![0-9A-Za-z_-])
1494 min_line_len: 37
1495 filter_type:
1496 - ValuePatternCheck
1497 required_substrings:
1498 - sntrys_eyJ
1499 target:
1500 - code
1501 - doc
1502
1503- name: Sentry User Auth Token
1504 severity: high
1505 confidence: strong
1506 type: pattern
1507 values:
1508 - (?P<value>sntryu_[0-9a-f]{64})(?![0-9A-Za-z_-])
1509 min_line_len: 37
1510 filter_type:
1511 - ValuePatternCheck
1512 required_substrings:
1513 - sntryu_
1514 target:
1515 - code
1516 - doc
1517
1518- name: Discord Bot Token
1519 severity: high
1520 confidence: strong
1521 type: pattern
1522 values:
1523 - (?P<value>[MNO][ADQTgjwz][AEIMQUYcgk][012345wxyz][0-9A-Za-z_-]{20,24}\.[0-9A-Za-z_-]{6}\.[0-9A-Za-z_-]{30,40})(?![0-9A-Za-z_-])
1524 min_line_len: 62
1525 filter_type:
1526 - ValueDiscordBotCheck
1527 required_substrings:
1528 - M
1529 - N
1530 - O
1531 required_regex: "[0-9A-Za-z_/+-]{15}"
1532 target:
1533 - code
1534 - doc
1535
1536- name: Discord Webhook
1537 severity: medium
1538 confidence: strong
1539 type: pattern
1540 values:
1541 - (?P<variable>discord(?:app)?\.com/api/webhooks)(?P<value>/[0-9]{16,22}/[0-9A-Za-z_-]{40,100})
1542 filter_type:
1543 - ValueMorphemesCheck
1544 required_substrings:
1545 - discordapp.com/api/webhooks
1546 - discord.com/api/webhooks
1547 min_line_len: 61
1548 target:
1549 - code
1550 - doc
1551
1552- name: Vercel Token
1553 severity: medium
1554 confidence: weak
1555 type: pattern
1556 values:
1557 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>vcp_[0-9A-Za-z]{56})(?![0-9A-Za-z_-])
1558 min_line_len: 60
1559 filter_type: TokenPattern
1560 required_substrings:
1561 - vcp_
1562 target:
1563 - code
1564 - doc
1565
1566- name: Netlify Token
1567 severity: medium
1568 confidence: weak
1569 type: pattern
1570 values:
1571 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>nfp_[0-9A-Za-z]{36})(?![0-9A-Za-z_-])
1572 min_line_len: 40
1573 filter_type: TokenPattern
1574 required_substrings:
1575 - nfp_
1576 target:
1577 - code
1578 - doc
1579
1580- name: PostHog Credentials
1581 severity: medium
1582 confidence: weak
1583 type: pattern
1584 values:
1585 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>ph[acrsx]_[0-9A-Za-z]{40,60})(?![0-9A-Za-z_-])
1586 min_line_len: 44
1587 filter_type: TokenPattern
1588 required_substrings:
1589 - phx_
1590 - phs_
1591 - phr_
1592 - pha_
1593 - phc_
1594 target:
1595 - code
1596 - doc
1597
1598- name: RubyGems API Key
1599 severity: medium
1600 confidence: strong
1601 type: pattern
1602 values:
1603 - (?P<value>rubygems_[0-9a-f]{48})
1604 min_line_len: 57
1605 filter_type: TokenPattern
1606 required_substrings:
1607 - rubygems_
1608 target:
1609 - code
1610 - doc
1611
1612- name: Tencent WeChat API App ID
1613 severity: medium
1614 confidence: weak
1615 type: pattern
1616 values:
1617 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>wx[0-9a-f]{16})(?![0-9A-Za-z_-])
1618 min_line_len: 18
1619 filter_type: TokenPattern
1620 required_substrings:
1621 - wx
1622 target:
1623 - code
1624 - doc
1625
1626- name: Salesforce Credentials
1627 severity: medium
1628 confidence: weak
1629 type: pattern
1630 values:
1631 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(3MVG[0-9A-Za-z_.]{24,200}|00D[0-9A-Za-z]{9,15}(![0-9A-Za-z_.]{24,200})?))(?![0-9A-Za-z_.])
1632 min_line_len: 12
1633 filter_type:
1634 - ValuePatternCheck(9)
1635 - ValueNumberCheck
1636 - ValueBase64PartCheck
1637 required_substrings:
1638 - 00D
1639 - 3MVG
1640 target:
1641 - code
1642 - doc
1643
1644- name: Postman Credentials
1645 severity: medium
1646 confidence: moderate
1647 type: pattern
1648 values:
1649 - (?P<value>(PMAK-[0-9a-f]{24}-[0-9a-f]{34}|PMAT-[0-9A-Z]{26}))
1650 min_line_len: 29
1651 filter_type:
1652 - ValuePatternCheck
1653 required_substrings:
1654 - PMAK-
1655 - PMAT-
1656 target:
1657 - code
1658 - doc
1659
1660- name: NTLM Token
1661 severity: medium
1662 confidence: strong
1663 type: pattern
1664 values:
1665 - (?P<value>TlRMTVNTUAADAAAA[=0-9A-Za-z_/+-]{8,8000})(?![0-9A-Za-z_/+-])
1666 filter_type:
1667 - ValueMorphemesCheck(2)
1668 - ValuePatternCheck
1669 min_line_len: 160
1670 required_substrings:
1671 - TlRMTVNTUAADAAAA
1672 target:
1673 - doc
1674 - code
1675
1676- name: Basic Authorization
1677 severity: medium
1678 confidence: strong
1679 type: pattern
1680 values:
1681 - (?P<variable>(?i:basic))(?P<separator>\s+)(?P<value>[=0-9A-Za-z_/+-]{8,8000})(?![0-9A-Za-z_/+-])
1682 min_line_len: 18
1683 filter_type:
1684 - ValueBasicAuthCheck
1685 required_substrings:
1686 - basic
1687 target:
1688 - code
1689 - doc
1690
1691- name: Bearer Authorization
1692 severity: medium
1693 confidence: moderate
1694 type: pattern
1695 values:
1696 - (?P<variable>(?i:bearer|ntlm))(?P<separator>\s+)(?P<value>[.0-9A-Za-z_/+-]{32,8000}=*)(?![0-9A-Za-z_/+-])
1697 min_line_len: 37
1698 filter_type: GeneralKeyword
1699 required_substrings:
1700 - bearer
1701 - ntlm
1702 target:
1703 - code
1704 - doc
1705
1706- name: SQL Password
1707 severity: medium
1708 confidence: weak
1709 type: pattern
1710 values:
1711 - (\\[nrt]|\b)(?i:(?P<variable>(CREATE|ALTER|SET\s{1,8}PASSWORD|INSERT(\s{1,8}IGNORE)?|UPDATE\s{1,8}[^\s;]{1,80})\s{1,8}(LOGIN|USER|ROLE|FOR|INTO|SET)\s{1,8}((?!IDENTIFIED|PASSWORD)[^\s;]{1,80}\s{1,8}|VALUES\s{0,8}\(){1,8}(IDENTIFIED((\s{1,8}WITH\s{1,8}\S{1,80})?\s{1,8}(BY|AS))|(=|WITH)?\s{0,8}PASSWORD\b(\s{0,8}=)?)))\s{0,8}(?P<wrap>[(]\s{0,8})?(?P<value_leftquote>((?P<esq>\\{1,8})?([\"'`]|&(quot|apos|#3[49]);)){1,4})?(?P<value>(?(value_leftquote)((?!(?P=value_leftquote))(?(esq)((?!(?P=esq)([\"'`]|&(quot|apos|#3[49]);)).)|((?!(?P=value_leftquote)).)))|(?!&(quot|apos|#3[49]);)(\\{1,8}([ tnr]|[^\s\"'`])|[^\s\"'`,;\\])){3,80})(?(value_leftquote)(?P<value_rightquote>(?<!\\)(?P=value_leftquote))|(?(wrap)[)]|[\s\"'`,;]))
1712 filter_type:
1713 - ValueAllowlistCheck
1714 - ValuePatternCheck
1715 use_ml: true
1716 min_line_len: 8
1717 required_substrings:
1718 - password
1719 - identified
1720 target:
1721 - doc
1722 - code
1723
1724- name: CURL User Password
1725 severity: high
1726 confidence: moderate
1727 type: pattern
1728 values:
1729 - (?P<variable>curl)\s.*(-[uU]|--(proxy-)?user)\s\s*(?P<value_leftquote>(\\*[\"']){1,3})?(?(value_leftquote)[^\"'\\:]|[^\s\"'\\:]){0,64}:(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,64})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1730 filter_type: GeneralKeyword
1731 use_ml: true
1732 required_substrings:
1733 - curl
1734 min_line_len: 16
1735 target:
1736 - doc
1737 - code
1738
1739- name: CMD ConvertTo-SecureString
1740 severity: high
1741 confidence: moderate
1742 type: pattern
1743 values:
1744 - (?P<variable>ConvertTo-SecureString(\s\s*-(String|AsPlainText|Force))*)\s\s*(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,800})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1745 filter_type: GeneralKeyword
1746 use_ml: true
1747 required_substrings:
1748 - convertto-securestring
1749 min_line_len: 27
1750 target:
1751 - doc
1752 - code
1753
1754- name: CMD Password
1755 severity: high
1756 confidence: moderate
1757 type: pattern
1758 values:
1759 - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:pass(in|out|word|phrase)))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,80})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1760 filter_type: GeneralKeyword
1761 use_ml: true
1762 required_substrings:
1763 - pass
1764 min_line_len: 12
1765 target:
1766 - doc
1767 - code
1768
1769- name: CMD Token
1770 severity: high
1771 confidence: moderate
1772 type: pattern
1773 values:
1774 - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:token|oauth2-bearer))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1775 filter_type: GeneralKeyword
1776 use_ml: true
1777 required_substrings:
1778 - token
1779 - oauth2-bearer
1780 min_line_len: 12
1781 target:
1782 - doc
1783 - code
1784
1785- name: CMD Secret
1786 severity: high
1787 confidence: moderate
1788 type: pattern
1789 values:
1790 - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:secret)[A-Za-z_-]*)(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1791 filter_type: GeneralKeyword
1792 use_ml: true
1793 required_substrings:
1794 - secret
1795 min_line_len: 12
1796 target:
1797 - doc
1798 - code
1799
1800- name: URL Credentials
1801 severity: high
1802 confidence: moderate
1803 type: pattern
1804 values:
1805 - (?P<value_leftquote>[\"'])?(?P<variable>[+0-9A-Za-z-]{2,80}://)([^\s\'"<>\[\]^~`{|}:/]{0,80}:){1,3}(?P<value>[^\s\'"<>\[\]^~`{|}@:/]{3,80})@[^\s\'"<>\[\]^~`{|}@:/]{1,800}\\{0,8}(?P<value_rightquote>[\"'])?
1806 filter_type: UrlCredentialsGroup
1807 use_ml: true
1808 required_substrings:
1809 - ://
1810 min_line_len: 10
1811 target:
1812 - doc
1813 - code
1814
1815- name: API
1816 severity: low
1817 confidence: moderate
1818 type: keyword
1819 values:
1820 - api(?!tal)
1821 filter_type: GeneralKeyword
1822 use_ml: true
1823 min_line_len: 11
1824 required_substrings:
1825 - api
1826 target:
1827 - code
1828
1829- name: Auth
1830 severity: medium
1831 confidence: moderate
1832 type: keyword
1833 values:
1834 - auth(?!ors?(?!i[tz]))
1835 filter_type: GeneralKeyword
1836 use_ml: true
1837 min_line_len: 12
1838 required_substrings:
1839 - auth
1840 target:
1841 - code
1842
1843- name: Credential
1844 severity: medium
1845 confidence: moderate
1846 type: keyword
1847 values:
1848 - credential
1849 filter_type: GeneralKeyword
1850 use_ml: true
1851 min_line_len: 18
1852 required_substrings:
1853 - credential
1854 target:
1855 - code
1856
1857- name: Key
1858 severity: high
1859 confidence: moderate
1860 type: keyword
1861 values:
1862 - key(?!word|board|pad|name)
1863 filter_type: GeneralKeyword
1864 use_ml: true
1865 min_line_len: 11
1866 required_substrings:
1867 - key
1868 target:
1869 - code
1870
1871- name: Nonce
1872 severity: low
1873 confidence: moderate
1874 type: keyword
1875 values:
1876 - (?<!\\)nonce
1877 filter_type: GeneralKeyword
1878 use_ml: true
1879 min_line_len: 13
1880 required_substrings:
1881 - nonce
1882 target:
1883 - code
1884
1885- name: Password
1886 severity: high
1887 confidence: moderate
1888 type: keyword
1889 values:
1890 - (?<!by)pass(?!e[dns]|ing|ion|age|\s+[a-z]{3,80})|pw(d|\b)
1891 filter_type: PasswordKeyword
1892 use_ml: true
1893 min_line_len: 10
1894 required_substrings:
1895 - pass
1896 - pw
1897 target:
1898 - code
1899
1900- name: Salt
1901 severity: low
1902 confidence: moderate
1903 type: keyword
1904 values:
1905 - salt
1906 filter_type: GeneralKeyword
1907 use_ml: true
1908 min_line_len: 12
1909 required_substrings:
1910 - salt
1911 target:
1912 - code
1913
1914- name: Secret
1915 severity: medium
1916 confidence: moderate
1917 type: keyword
1918 values:
1919 - secret
1920 filter_type: GeneralKeyword
1921 use_ml: true
1922 min_line_len: 14
1923 required_substrings:
1924 - secret
1925 target:
1926 - code
1927
1928- name: Token
1929 severity: high
1930 confidence: moderate
1931 type: keyword
1932 values:
1933 - token(?!ize)
1934 filter_type: GeneralKeyword
1935 use_ml: true
1936 min_line_len: 13
1937 required_substrings:
1938 - token
1939 target:
1940 - code