← all rules
secret/docker-hub-pat
Docker Hub Personal Access Token
What it detects
Docker Hub PAT. Can push images to any repo the user owns.
How it runs
Run against every text file in the repo (with a binary-content filter and a `.repoguardignore` filter for fixtures). The matched value is masked before being persisted.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.