mcp-server-semgrep/semgrep-rules/generic/secrets/gitleaks/intercom-api-key.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: intercom-api-key
  message: A gitleaks intercom-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
  languages:
    - regex
  severity: INFO
  metadata:
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
      category: security
      cwe:
        - "CWE-798: Use of Hard-coded Credentials"
      cwe2021-top25: true
      cwe2022-top25: true
      owasp:
        - A07:2021 - Identification and Authentication Failures
      references:
        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
      source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
      subcategory:
        - vuln
      technology:
        - gitleaks
  patterns:
    - pattern-regex: (?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$)