gitleaks
Support for Separate Files for Rules and Allowlist in gitleaks
Hello @zricethezav,
I've been extensively working with gitleaks and found that it would be extremely beneficial to have the capability to utilize separate files for rules and the allowlist.
Background: Currently, gitleaks supports defining both rules and the allowlist within a singular configuration file. In complex projects with many developers and frequently changing rules, this can become cumbersome. Separating the two lists could greatly enhance manageability and clarity.
Feature Request: I propose to extend gitleaks to accept separate files for rules and allowlist. For example:
gitleaks --config-rules=path/to/rules.toml --config-allowlist=path/to/allowlist.toml
I believe this change would significantly improve the flexibility and adaptability of gitleaks, especially in larger projects.
Additional Information: This feature would especially aid teams working in large organizations under stringent security policies, as they'd have the ability to manage their rules and exceptions in a cleaner and more efficient manner.
Thank you for considering this and for all the hard work on this fantastic tool!
Hi @zricethezav,
This would definitely be a useful feature. A single file containing rules and an allowlist will inevitably grow and become more difficult to maintain. So it would be great if the allowlist can be separated from the rules.
The ability to manage rules and exceptions in a more organised and effective way would be extremely helpful to teams working in large organisations.