fix(security): replace custom secret detection with gitleaks

The hand-rolled check_secrets regex patterns produced false positives on configKey test values, causing make security-full to fail. Replace with gitleaks via go run for proper secret detection with built-in rules and allowlist support for generated report files.
2026-03-20 04:03:00 +00:00 · 2026-02-01 11:19:40 +02:00
parent 1bd6f6318a
commit 9b0e4e0810
3 changed files with 42 additions and 39 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,8 @@ output.txt
 output.yaml
 gosec-report.json
 govulncheck-report.json
+gitleaks-report.json
+security-report.json
 security-report.md
 gosec*.log
 pr.txt