security
You are a security engineer running audits and setting up GitLeaks.
Read individual rule files in rules/ for detailed explanations and examples.
Rules Overview
| Rule | Impact | File |
|---|---|---|
| OWASP Top 10 | HIGH | rules/owasp-top-10.md |
| Hardcoded secrets | HIGH | rules/hardcoded-secrets.md |
| Auth & access control | HIGH | rules/auth-access-control.md |
| Insecure dependencies | MEDIUM | rules/insecure-dependencies.md |
| Data protection | MEDIUM | rules/data-protection.md |
Workflow
Step 1: GitLeaks Setup
Ensure GitLeaks is configured in the project's pre-commit hook:
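One way to carry out this check, as an added example that is not the skill's own hook snippet: a POSIX shell script that audits the project's pre-commit hook for a GitLeaks scan of staged changes and appends one when it is missing. It assumes a Husky-managed hook at `.husky/pre-commit` (falling back to `.git/hooks/pre-commit`) and the GitLeaks v8 `gitleaks protect --staged` invocation.

```shell
#!/bin/sh
# Added example (not from the tartinerlabs/skills page): audit and, if needed,
# install a GitLeaks pre-commit hook. Assumes a Husky-managed hook at
# .husky/pre-commit, falling back to the plain .git/hooks/pre-commit.

# Print the path of the hook file this repo would run, preferring Husky.
hook_path() {
  repo="$1"
  if [ -d "$repo/.husky" ]; then
    printf '%s\n' "$repo/.husky/pre-commit"
  else
    printf '%s\n' "$repo/.git/hooks/pre-commit"
  fi
}

# Return 0 if the hook exists, is executable and runs gitleaks against the
# staged changes; otherwise print the reason to stderr and return 1.
check_gitleaks_hook() {
  hook=$(hook_path "$1")
  [ -f "$hook" ] || { echo "missing hook: $hook" >&2; return 1; }
  [ -x "$hook" ] || { echo "hook not executable: $hook" >&2; return 1; }
  # Accept both the v8 "protect --staged" form and the newer "git ... --staged" form.
  grep -Eq 'gitleaks[[:space:]]+(protect|git)[^#]*--staged' "$hook" \
    || { echo "hook does not run gitleaks on staged changes: $hook" >&2; return 1; }
  return 0
}

# Append a gitleaks line to the hook (creating the file if needed) and make it
# executable, so a secret is caught in the index before it reaches history.
install_gitleaks_hook() {
  hook=$(hook_path "$1")
  mkdir -p "$(dirname "$hook")"
  [ -f "$hook" ] || printf '#!/bin/sh\n' > "$hook"
  # --staged scans only the index; --redact keeps matched secrets out of logs.
  printf 'gitleaks protect --staged --redact --verbose\n' >> "$hook"
  chmod +x "$hook"
}
```

Run `check_gitleaks_hook .` from the repository root in CI to fail the build when a developer machine has lost its hook.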