secret/jwt
JSON Web Token (JWT)
What it detects
A string that looks like a JSON Web Token (JWT). Whether a match is sensitive depends on the token's contents.
How it runs
Run against every text file in the repo (with a binary-content filter and a `.repoguardignore` filter for fixtures). The matched value is masked before being persisted.
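Because a match is only a possible JWT, a finding usually needs triage before anyone decides whether to rotate a credential. The following is an added example, not the scanner's own code: it decodes a flagged value without verifying the signature, classifies it by its `exp` claim, and masks it for storage. The function names, the verdict labels and the mask format are assumptions made for illustration.

```python
import base64
import json
import time

def _segment_json(segment):
    """Decode one base64url JWT segment to a dict; None if it is not a JSON object."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def mask(value, keep=4):
    """Assumed mask format: keep a short prefix and suffix, hide the rest."""
    if len(value) <= 2 * keep:
        return "*" * 8
    return value[:keep] + "*" * 8 + value[-keep:]

def triage_jwt(candidate, now=None):
    """Classify a flagged string. Decodes only; the signature is NOT verified."""
    now = time.time() if now is None else now
    finding = {"verdict": "not-jwt", "masked": mask(candidate)}
    parts = candidate.split(".")
    if len(parts) != 3:
        return finding
    header, payload = _segment_json(parts[0]), _segment_json(parts[1])
    if header is None or payload is None or "alg" not in header:
        return finding  # three dotted segments, but not a token
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)):
        finding["verdict"] = "no-expiry"   # never expires on its own: review first
    elif exp <= now:
        finding["verdict"] = "expired"     # lower urgency, still check the claims
    else:
        finding["verdict"] = "live"        # usable until exp: revoke or rotate
    finding["alg"] = header["alg"]
    finding["claim_names"] = sorted(payload)  # claim names only, no values
    return finding

def make_sample(payload):
    """Constructed sample token for the demo; the signature is a dummy value."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(payload), "ZHVtbXk"])

if __name__ == "__main__":
    for claims in ({"sub": "ci", "exp": 1000}, {"sub": "ci"}):
        print(triage_jwt(make_sample(claims), now=2000))
```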
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a `.repoguardignore` line.