fix ignore patches

himax1991 · himax1991 · commit c3a8293a1a0f · 2026-03-27T14:59:12.000+03:00
Signed-off-by: Maksim Khimchenko &lt;maksim.khimchenko@flant.com&gt;
diff --git a/gitleaks/config/gitleaks.base.toml b/gitleaks/config/gitleaks.base.toml
@@ -13,6 +13,8 @@ useDefault = true
 # Global allowlists
 [allowlist]
 
+regexTarget = "line"
+
 # === Safe files/directories ===
 # NOTE: Use exact paths, NOT glob patterns like **/go.mod
 
@@ -21,9 +23,6 @@ paths = [
     "go.mod",
     "go.sum",
 
-    # patch files
-    ".*/*.patch",
-
     # Specific files with known false positives
     # "modules/101-cert-manager/docs/USAGE.md",
     # "modules/101-cert-manager/docs/USAGE_RU.md",
@@ -32,10 +31,10 @@ paths = [
 # === Safe patterns ===
 regexes = [
     # Go module checksums - always public
-    '''h1:[A-Za-z0-9+/=]{40,}''',
+    '''.*h1:[A-Za-z0-9+/=]{40,}''',
 
     # Public certificates (only ca.crt, NOT private keys!)
-    '''data:\s*\n\s*ca\.crt:\s*[A-Za-z0-9+/=\s]+''',
+    '''ca\.crt:\s*[A-Za-z0-9+/=]+''',
 
     # AWS Example values from official documentation - exact match
     '''AKIAIOSFODNN7EXAMPLE''',
