Gitleaks misses quite a few Azure rules. #539

@jessehouwing

Description

Gitleaks is missing quite a few rules for the Microsoft ecosystem, including Visual Studio, Azure and Azure DevOps.

Microsoft used to have a competing product called credscan, but it was recently deprecated in favor of the GitHub Security offerings.

I've ported most of the rules from credscan to the gitleaks format and put them in a repo here:
https://github.com/jessehouwing/gitleaks-azure

I'd love to contribute them, but I'm unsure of the process for vetting and approving these rules.

cc @zricethezav

Some features GitLeaks may be missing:

  • credscan has a few built-in decoders, so you can have it match a specific kind of pattern, say a base64 encoded string of 78 characters, then decode it and check that the decoded value matches a regex. This reduces false positives on base64 encoded credentials that don't have an easily recognizable pattern.
  • Similarly, it has a regex, xpath and jsonpath matcher.
  • It has a set of rules that use the .NET base library to assert things about the contents, which can detect whether a base64 encoded value is an image/icon/cert/jsonwebtoken. You can use these to include or exclude the values for further probing.

Without these the ruleset will trigger more false-positives.
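The decode-then-match flow described above, as an added example that is not part of this issue and is neither gitleaks nor credscan code: it finds base64 runs, strictly decodes them, classifies the decoded bytes (image, PEM block, DER, JSON, plain text) so a rule can include or exclude them, and then applies a rule's regex to the decoded value rather than the encoded one. The rule id `example-b64-wrapped-key`, its 48-character length, the `key=...` shape it matches, and the sample file content are all constructed for this example.

```python
import base64
import binascii
import json
import re

# A candidate is a run of 20+ base64-alphabet characters with optional
# padding, bounded so we never match the middle of a longer token.
BASE64_RUN = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{20,}={0,2}(?![A-Za-z0-9+/=])"
)


def _is_json(raw):
    """True when the decoded bytes are a JSON object or array."""
    try:
        return isinstance(json.loads(raw.decode("utf-8")), (dict, list))
    except (UnicodeDecodeError, ValueError):
        return False


# Classifiers run on the *decoded* bytes, first match wins. A rule then
# names the classes it wants to probe further (or, by omission, skip).
CLASSIFIERS = [
    ("png-image", lambda b: b.startswith(b"\x89PNG\r\n\x1a\n")),
    ("ico-image", lambda b: b.startswith(b"\x00\x00\x01\x00")),
    ("pem-block", lambda b: b.startswith(b"-----BEGIN ")),
    ("der-sequence", lambda b: b.startswith(b"\x30\x82")),  # ASN.1 SEQUENCE, long-form length
    ("json", _is_json),
    ("text", lambda b: all(32 <= c < 127 for c in b)),
]


def decode_base64(token):
    """Strictly decode one candidate; None if it is not valid base64."""
    if len(token) % 4:
        return None
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def classify(raw):
    for name, predicate in CLASSIFIERS:
        if predicate(raw):
            return name
    return "binary"


# Hypothetical rule, constructed for this example: a 48-character base64
# string whose decoded form is "key=" plus a 32-character alphanumeric token.
# The encoded form has no recognizable shape; the decoded form does.
RULES = [
    {
        "id": "example-b64-wrapped-key",
        "encoded_length": 48,
        "only_classes": {"text"},
        "decoded_regex": re.compile(rb"^key=[A-Za-z0-9]{32}$"),
    }
]


def candidates(text):
    """Return (line_no, encoded, decoded_class) for every decodable base64 run."""
    out = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in BASE64_RUN.finditer(line):
            raw = decode_base64(m.group(0))
            if raw is not None:
                out.append((line_no, m.group(0), classify(raw)))
    return out


def scan(text, rules=RULES):
    """Apply decode-then-match rules; returns a list of finding dicts."""
    findings = []
    for line_no, encoded, kind in candidates(text):
        raw = decode_base64(encoded)
        for rule in rules:
            if rule.get("encoded_length") and len(encoded) != rule["encoded_length"]:
                continue
            if kind not in rule["only_classes"]:
                continue  # e.g. an icon or certificate is excluded from probing
            if rule["decoded_regex"].search(raw):
                findings.append({"line": line_no, "rule": rule["id"], "class": kind})
    return findings


def _b64(b):
    return base64.b64encode(b).decode("ascii")


# Constructed sample file content, encoded inline so the base64 is exact.
SAMPLE = "\n".join([
    'icon = "%s"' % _b64(b"\x89PNG\r\n\x1a\n" + b"\x00" * 24),
    'cfg  = "%s"' % _b64(b"key=ZXCVBNMASDFGHJKLQWERTYUIOP123456"),
    'note = "%s"' % _b64(b"Lorem ipsum dolor sit amet, consectetur"),
    'cert = "%s"' % _b64(b"-----BEGIN CERTIFICATE-----\nMIIB"),
])

if __name__ == "__main__":
    for line_no, encoded, kind in candidates(SAMPLE):
        print(f"line {line_no}: {kind:12} {encoded[:24]}...")
    for finding in scan(SAMPLE):
        print("finding:", finding)
```

Running it classifies the four candidates as png-image, text, text and pem-block, and only the `cfg` line produces a finding: the icon and certificate are excluded by class, and the prose line decodes to text but has the wrong encoded length and fails the decoded regex. JSON web tokens are not covered here because they use the base64url alphabet (`-` and `_`) in three dot-separated segments, which needs a separate candidate pattern.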
