Gitleaks is missing quite a few rules for the Microsoft ecosystem, including Visual Studio, Azure and Azure DevOps.

Microsoft used to have a competing product called credscan, but it was recently deprecated in favor of the GitHub Security offerings.

I've ported most of the rules from credscan to the gitleaks format and put them in a repo here:
https://github.com/jessehouwing/gitleaks-azur

Great tool. What if I want to search for a domain or org name in combination with all the signatures? Is this possible currently?

Hi,
This is a useful tool for any DevOps/SRE teams managing K8S clusters and apps.
One question though, will this be able to detect changes to Secrets stored in an external store like the GoDday one or the HashiCorp Vault.
thanks,
KK

哔哩哔哩安全应急响应中心

账号安全通知
系统检测到您的账号有异常使用，建议及时更改密码，确保账号安全。
若有使用第三方工具，请立即停止使用。
恶意使用第三方工具造成数据安全问题，将导致账号封停。

本人无恶意哈，但是收到了安全通知的消息，所以估计先停用一段时间。

Starting at the "Create a staging environment", the steps described in the guide quickly outpace the explanations and it was not obvious to me what was going on. The quickstart assumes knowledge of concepts (environments, machines) that I would have liked to see brief explanations of.

The Quickstart could also use now.sh as an example deployment environment so that the user can follow along wit

The files on PyPI have these hash values:

• SHA256
• MD5
• BLAKE2-256

If print the hash values, people can easily verify whether the file on PyPI was automatically uploaded by CI script.
It is best to print a pretty-print table.