SigilGuard.Patterns
(SigilGuard v0.2.0)
Pattern compilation and management for sensitivity scanning.
Provides built-in patterns for common credential and secret formats, plus support for loading patterns from SIGIL registry bundles.
Built-in Patterns
The following patterns are included by default (no registry dependency):
- AWS access keys (AKIA, ABIA, ACCA, ASIA prefixes)
- Generic API key assignments
- Bearer tokens
- Database connection URIs (PostgreSQL, MySQL, MongoDB)
- Private key headers (RSA, EC, OpenSSH)
- Generic secret/password/token assignments
Registry Patterns
When the SIGIL registry is enabled, patterns from GET /patterns/bundle
are merged with built-in patterns. Registry patterns take precedence
on name collision.
Summary
Functions
Return compiled built-in patterns.
Compile a list of raw pattern maps into executable patterns.
Merge two pattern lists, with override taking precedence on name collision.
Parse a SIGIL registry bundle response into pattern maps.
Types
@type scan_hit() :: %{
  name: String.t(),
  category: String.t(),
  severity: :low | :medium | :high,
  match: String.t(),
  offset: non_neg_integer(),
  length: non_neg_integer(),
  replacement_hint: String.t() | nil
}
Functions
@spec built_in() :: [compiled_pattern()]
Return compiled built-in patterns.
@spec compile([map()]) :: [compiled_pattern()]
Compile a list of raw pattern maps into executable patterns.
Accepts both built-in format (with :pattern key) and registry bundle
format (with "regex" key).
@spec merge([compiled_pattern()], [compiled_pattern()]) :: [compiled_pattern()]
Merge two pattern lists, with override taking precedence on name collision.
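The two input shapes accepted by compile and the override-on-collision rule of merge, as an added stand-alone sketch that is not SigilGuard's own code and does not call it. The module name PatternMergeSketch, the name/category/severity keys of the raw maps, the regex field of the compiled map, the overridden helper and the sample regexes are assumptions made for illustration.

```elixir
defmodule PatternMergeSketch do
  # Added sketch, not SigilGuard's code. Keys other than :pattern / "regex" are assumed.
  # Accepts the built-in shape (atom keys) and the registry shape (string keys);
  # entries whose regex is missing or does not compile are dropped.
  def compile(raw_patterns) do
    Enum.flat_map(raw_patterns, fn raw ->
      case to_regex(raw[:pattern] || raw["regex"]) do
        {:ok, regex} ->
          [%{name: raw[:name] || raw["name"],
             category: raw[:category] || raw["category"],
             severity: severity(raw[:severity] || raw["severity"]),
             regex: regex}]
        _invalid -> []
      end
    end)
  end

  defp to_regex(%Regex{} = regex), do: {:ok, regex}
  defp to_regex(source) when is_binary(source), do: Regex.compile(source)
  defp to_regex(_other), do: :error

  # Closed set from scan_hit(); registry strings never become new atoms.
  # Mapping an unknown value to :high is this sketch's choice.
  defp severity(s) when s in [:low, :medium, :high], do: s
  defp severity("low"), do: :low
  defp severity("medium"), do: :medium
  defp severity(_other), do: :high

  # Override wins on name collision; base order is kept, new names are appended.
  def merge(base, override) do
    by_name = Map.new(override, &{&1.name, &1})
    base_names = MapSet.new(base, & &1.name)
    Enum.map(base, &Map.get(by_name, &1.name, &1)) ++
      Enum.reject(override, &MapSet.member?(base_names, &1.name))
  end

  # Names of base patterns the override list replaces, e.g. for an audit log line.
  def overridden(base, override) do
    names = MapSet.new(override, & &1.name)
    for %{name: name} <- base, MapSet.member?(names, name), do: name
  end
end

# Constructed sample input; the regexes are illustrative, not SigilGuard's.
built_in = PatternMergeSketch.compile([
  %{name: "aws_access_key", category: "credential", severity: :high,
    pattern: ~r/\b(?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16}\b/}])
registry = PatternMergeSketch.compile([
  %{"name" => "aws_access_key", "severity" => "low", "regex" => "AKIA[0-9A-Z]{16}"},
  %{"name" => "broken", "regex" => "("}])
IO.inspect(PatternMergeSketch.overridden(built_in, registry), label: "overridden")
```

In this constructed input the registry entry reuses a built-in name with a narrower regex and a lower severity, which is the case worth logging before a merged list is put into use.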
Parse a SIGIL registry bundle response into pattern maps.
Expected format:
{"generated_at": "...", "count": 5, "patterns": [...]}