sensitive-file/env-generic
Environment file (.env)
high · Sensitive file · sensitive-file
What it detects
Generic .env file. Commonly holds secrets; even dev .env files often leak into real infrastructure.
Remediation
Confirm it contains only dummy values; otherwise rotate the secrets and delete the file. Add .env files to .gitignore.
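One way to carry out the untrack-and-ignore part of this remediation in a Git working tree, as an added example rather than the scanner's own code; the function names are hypothetical and the functions assume they are called from the repository root. Untracking does not remove the file from earlier commits, which is why real values still need rotating.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of the scanner.
# Assumption: the current directory is the root of a Git working tree.

# Print tracked files whose basename is exactly ".env",
# at the repository root or in any subdirectory.
tracked_env_files() {
    git ls-files | grep -E '(^|/)\.env$' || true
}

# Stop tracking every .env file and make sure .gitignore covers them.
# Working copies stay on disk so their values can be reviewed and
# rotated before the files are deleted.
untrack_env_files() {
    files=$(tracked_env_files)
    if [ -n "$files" ]; then
        printf '%s\n' "$files" | while IFS= read -r f; do
            git rm --cached --quiet -- "$f"
        done
    fi

    # If .gitignore exists and lacks a trailing newline, add one so the
    # new pattern does not get glued onto the last existing line.
    if [ -s .gitignore ] && [ -n "$(tail -c 1 .gitignore)" ]; then
        printf '\n' >> .gitignore
    fi

    # A bare ".env" pattern matches the file at any depth. Append it
    # only once, so repeated runs leave .gitignore unchanged.
    if ! grep -qxF '.env' .gitignore 2>/dev/null; then
        printf '.env\n' >> .gitignore
    fi
}
```

Call `untrack_env_files`, then commit the index change together with the updated .gitignore.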
How it runs
Path / basename / content-header match. No content body is stored — only the path.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.