18 lines
636 B
JSON
18 lines
636 B
JSON
{
|
|
"id": "stellaops.secrets.jwt-secret",
|
|
"version": "1.0.0",
|
|
"name": "JWT Secret Key",
|
|
"description": "Detects JWT secret keys in configuration",
|
|
"type": "regex",
|
|
"pattern": "(?i)(?:jwt[_-]?secret|jwt[_-]?key|secret[_-]?key)['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9+/=_-]{32,})['\"]?",
|
|
"severity": "high",
|
|
"confidence": "medium",
|
|
"keywords": ["jwt_secret", "jwt_key", "secret_key", "JWT"],
|
|
"filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "appsettings.json"],
|
|
"enabled": true,
|
|
"tags": ["jwt", "authentication", "credentials"],
|
|
"references": [
|
|
"https://jwt.io/introduction"
|
|
]
|
|
}
|