sensitive-file/git-credentials

git-credentials file

criticalSensitive filesensitive-file

What it detects

Git credential store (plain-text usernames/passwords/tokens for remotes).

Remove, rotate every token inside, and use credential helpers (osxkeychain, libsecret) instead.

Path / basename / content-header match. No content body is stored — only the path.

Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.