Fix dead link checker: correct www.github.com URLs and exclude internal routes

.lycheeignore

@@ -1,6 +1,9 @@
-# Ignore all files
+# Ignore all file:// URIs
 file://.*
 
+# Ignore internal application routes (relative paths starting with /)
+^/[^/].*
+
 # This is used as an example when creating a pull request
 https://github.com/Your_Github_Handle.*
 # Heroku is not guaranteed to be up
@@ -27,3 +30,6 @@ https://www.vaultproject.io/*
 
 # Issues with lychee:
 https://github.com/topics/secrets-detection
+
+# Docker Hub returns 403 Forbidden errors
+https://hub.docker.com/*

README.md

@@ -2,7 +2,7 @@
 
 # OWASP WrongSecrets
 
-[![Tweet](https://img.shields.io/badge/-Twitter-%232B90D9?style=for-the-badge&logo=x&logoColor=white)](https://twitter.com/intent/tweet?text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this&url=https://github.com/OWASP/wrongsecrets&hashtags=secretsmanagement,secrets,hunting,p0wnableapp,OWASP,WrongSecrets) [<img src="https://img.shields.io/badge/-MASTODON-%232B90D9?style=for-the-badge&logo=mastodon&logoColor=white">](https://tootpick.org/#text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this%0A%0Ahttps://github.com/OWASP/wrongsecrets%20%23secretsmanagement,%20%23secrets,%20%23hunting,%20%23p0wnableapp,%20%23OWASP,%20%23WrongSecrets) [<img src="https://img.shields.io/badge/-BLUESKY-%230085FF?style=for-the-badge&logo=bluesky&logoColor=white">](https://bsky.app/intent/compose?text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this%0A%0Ahttps://github.com/OWASP/wrongsecrets%20%23secretsmanagement%20%23secrets%20%23hunting%20%23p0wnableapp%20%23OWASP%20%23WrongSecrets) [<img src="https://img.shields.io/badge/-LINKEDIN-0077B5?style=for-the-badge&logo=linkedin&logoColor=white">](https://www.linkedin.com/shareArticle/?url=https://www.github.com/OWASP/wrongsecrets&title=OWASP%20WrongSecrets)
+[![Tweet](https://img.shields.io/badge/-Twitter-%232B90D9?style=for-the-badge&logo=x&logoColor=white)](https://twitter.com/intent/tweet?text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this&url=https://github.com/OWASP/wrongsecrets&hashtags=secretsmanagement,secrets,hunting,p0wnableapp,OWASP,WrongSecrets) [<img src="https://img.shields.io/badge/-MASTODON-%232B90D9?style=for-the-badge&logo=mastodon&logoColor=white">](https://tootpick.org/#text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this%0A%0Ahttps://github.com/OWASP/wrongsecrets%20%23secretsmanagement,%20%23secrets,%20%23hunting,%20%23p0wnableapp,%20%23OWASP,%20%23WrongSecrets) [<img src="https://img.shields.io/badge/-BLUESKY-%230085FF?style=for-the-badge&logo=bluesky&logoColor=white">](https://bsky.app/intent/compose?text=Want%20to%20dive%20into%20secrets%20management%20and%20do%20some%20hunting?%20try%20this%0A%0Ahttps://github.com/OWASP/wrongsecrets%20%23secretsmanagement%20%23secrets%20%23hunting%20%23p0wnableapp%20%23OWASP%20%23WrongSecrets) [<img src="https://img.shields.io/badge/-LINKEDIN-0077B5?style=for-the-badge&logo=linkedin&logoColor=white">](https://www.linkedin.com/shareArticle/?url=https://github.com/OWASP/wrongsecrets&title=OWASP%20WrongSecrets)
 
 [![Java checkstyle and testing](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/main.yml) [![Pre-commit](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/pre-commit.yml) [![Terraform FMT](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/terraform.yml) [![CodeQL](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/codeql-analysis.yml) [![Dead Link Checker](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/link_checker.yml) [![Javadoc and Swaggerdoc generator](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/java_swagger_doc.yml) [![Test Heroku with cypress](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml/badge.svg)](https://github.com/OWASP/wrongsecrets/actions/workflows/heroku_tests.yml)
 
@@ -380,66 +380,66 @@ You can enable Swagger documentation and the Swagger UI by overriding the `SPRIN
 
 Leaders:
 
-- [Ben de Haan @bendehaan](https://www.github.com/bendehaan)
-- [Jeroen Willemsen @commjoen](https://www.github.com/commjoen)
+- [Ben de Haan @bendehaan](https://github.com/bendehaan)
+- [Jeroen Willemsen @commjoen](https://github.com/commjoen)
 
 Top contributors:
 
-- [Jannik Hollenbach @J12934](https://www.github.com/J12934)
-- [Puneeth Y @puneeth072003](https://www.github.com/puneeth072003)
-- [Joss Sparkes @RemakingEden](https://www.github.com/RemakingEden)
+- [Jannik Hollenbach @J12934](https://github.com/J12934)
+- [Puneeth Y @puneeth072003](https://github.com/puneeth072003)
+- [Joss Sparkes @RemakingEden](https://github.com/RemakingEden)
 
 Contributors:
 
-- [Nanne Baars @nbaars](https://www.github.com/nbaars)
-- [Marcin Nowak @drnow4u](https://www.github.com/drnow4u)
-- [Rodolfo Neves @roddas](https://www.github.com/roddas)
-- [Osama Magdy @osamamagdy](https://www.github.com/osamamagdy)
-- [Pastekitoo @Pastekitoo](https://www.github.com/Pastekitoo)
-- [Shubham Patel @Shubham-Patel07](https://www.github.com/Shubham-Patel07)
-- [za @za](https://www.github.com/za)
-- [Divyanshu Dev @Novice-expert](https://www.github.com/Novice-expert)
-- [Tibor Hercz @tiborhercz](https://www.github.com/tiborhercz)
-- [Chris Elbring Jr. @neatzsche](https://www.github.com/neatzsche)
-- [Adarsh A @adarsh-a-tw](https://www.github.com/adarsh-a-tw)
-- [Diamond Rivero @diamant3](https://www.github.com/diamant3)
-- [Norbert Wolniak @nwolniak](https://www.github.com/nwolniak)
-- [Filip Chyla @fchyla](https://www.github.com/fchyla)
-- [Dmitry Litosh @Dlitosh](https://www.github.com/Dlitosh)
-- [Vineeth Jagadeesh @djvinnie](https://www.github.com/djvinnie)
-- [Mahaputra Ilham Awal @mahaputrailhamawal](https://www.github.com/mahaputrailhamawal)
-- [Turjo Chowdhury @turjoc120](https://www.github.com/turjoc120)
-- [SndR @SndR85](https://www.github.com/SndR85)
-- [Josh Grossman @tghosth](https://www.github.com/tghosth)
-- [alphasec @alphasecio](https://www.github.com/alphasecio)
-- [CaduRoriz @CaduRoriz](https://www.github.com/CaduRoriz)
-- [Madhu Akula @madhuakula](https://www.github.com/madhuakula)
-- [Mike Woudenberg @mikewoudenberg](https://www.github.com/mikewoudenberg)
-- [Spyros @northdpole](https://www.github.com/northdpole)
-- [RubenAtBinx @RubenAtBinx](https://www.github.com/RubenAtBinx)
-- [Alex Bender @alex-bender](https://www.github.com/alex-bender)
-- [Danny Lloyd @dannylloyd](https://www.github.com/dannylloyd)
-- [Nicolas Humblot @nhumblot](https://www.github.com/nhumblot)
-- [Rick M @kingthorin](https://www.github.com/kingthorin)
-- [Shlomo Zalman Heigh @szh](https://www.github.com/szh)
-- [Fern @f3rn0s](https://www.github.com/f3rn0s)
-- [Jeff Tong @Wind010](https://www.github.com/Wind010)
+- [Nanne Baars @nbaars](https://github.com/nbaars)
+- [Marcin Nowak @drnow4u](https://github.com/drnow4u)
+- [Rodolfo Neves @roddas](https://github.com/roddas)
+- [Osama Magdy @osamamagdy](https://github.com/osamamagdy)
+- [Pastekitoo @Pastekitoo](https://github.com/Pastekitoo)
+- [Shubham Patel @Shubham-Patel07](https://github.com/Shubham-Patel07)
+- [za @za](https://github.com/za)
+- [Divyanshu Dev @Novice-expert](https://github.com/Novice-expert)
+- [Tibor Hercz @tiborhercz](https://github.com/tiborhercz)
+- [Chris Elbring Jr. @neatzsche](https://github.com/neatzsche)
+- [Adarsh A @adarsh-a-tw](https://github.com/adarsh-a-tw)
+- [Diamond Rivero @diamant3](https://github.com/diamant3)
+- [Norbert Wolniak @nwolniak](https://github.com/nwolniak)
+- [Filip Chyla @fchyla](https://github.com/fchyla)
+- [Dmitry Litosh @Dlitosh](https://github.com/Dlitosh)
+- [Vineeth Jagadeesh @djvinnie](https://github.com/djvinnie)
+- [Mahaputra Ilham Awal @mahaputrailhamawal](https://github.com/mahaputrailhamawal)
+- [Turjo Chowdhury @turjoc120](https://github.com/turjoc120)
+- [SndR @SndR85](https://github.com/SndR85)
+- [Josh Grossman @tghosth](https://github.com/tghosth)
+- [alphasec @alphasecio](https://github.com/alphasecio)
+- [CaduRoriz @CaduRoriz](https://github.com/CaduRoriz)
+- [Madhu Akula @madhuakula](https://github.com/madhuakula)
+- [Mike Woudenberg @mikewoudenberg](https://github.com/mikewoudenberg)
+- [Spyros @northdpole](https://github.com/northdpole)
+- [RubenAtBinx @RubenAtBinx](https://github.com/RubenAtBinx)
+- [Alex Bender @alex-bender](https://github.com/alex-bender)
+- [Danny Lloyd @dannylloyd](https://github.com/dannylloyd)
+- [Nicolas Humblot @nhumblot](https://github.com/nhumblot)
+- [Rick M @kingthorin](https://github.com/kingthorin)
+- [Shlomo Zalman Heigh @szh](https://github.com/szh)
+- [Fern @f3rn0s](https://github.com/f3rn0s)
+- [Jeff Tong @Wind010](https://github.com/Wind010)
 
 Testers:
 
-- [Dave van Stein @davevs](https://www.github.com/davevs)
-- [Marcin Nowak @drnow4u](https://www.github.com/drnow4u)
-- [Marc Chang Sing Pang @mchangsp](https://www.github.com/mchangsp)
-- [Vineeth Jagadeesh @djvinnie](https://www.github.com/djvinnie)
+- [Dave van Stein @davevs](https://github.com/davevs)
+- [Marcin Nowak @drnow4u](https://github.com/drnow4u)
+- [Marc Chang Sing Pang @mchangsp](https://github.com/mchangsp)
+- [Vineeth Jagadeesh @djvinnie](https://github.com/djvinnie)
 
 Special thanks:
 
-- [Madhu Akula @madhuakula @madhuakula](https://www.github.com/madhuakula)
-- [Nanne Baars @nbaars @nbaars](https://www.github.com/nbaars)
-- [Björn Kimminich @bkimminich](https://www.github.com/bkimminich)
-- [Dan Gora @devsecops](https://www.github.com/devsecops)
-- [Xiaolu Dai @saragluna](https://www.github.com/saragluna)
-- [Jonathan Giles @jonathanGiles](https://www.github.com/jonathanGiles)
+- [Madhu Akula @madhuakula @madhuakula](https://github.com/madhuakula)
+- [Nanne Baars @nbaars @nbaars](https://github.com/nbaars)
+- [Björn Kimminich @bkimminich](https://github.com/bkimminich)
+- [Dan Gora @devsecops](https://github.com/devsecops)
+- [Xiaolu Dai @saragluna](https://github.com/saragluna)
+- [Jonathan Giles @jonathanGiles](https://github.com/jonathanGiles)
 
 
 ### Sponsorships

docs/PRE_COMMIT.md

@@ -0,0 +1,78 @@
+# Lychee Pre-commit Hooks
+
+This repository provides three pre-commit hook options for lychee link checking:
+
+## Quick Start
+
+Add this to your `.pre-commit-config.yaml`:
+
+```yaml
+repos:
+  - repo: https://github.com/lycheeverse/lychee
+    rev: lychee-v0.20.1  # Use latest lychee-v* tag
+    hooks:
+      - id: lychee  # Auto-installs lychee
+```
+
+## Hook Options
+
+### 1. `lychee` (Recommended)
+
+- **Auto-installs** lychee using cargo-binstall (fast) or cargo install (fallback)
+- **Best user experience** - no manual setup required
+- **Fast** - uses pre-built binaries when available
+
+```yaml
+- id: lychee
+  args: ["--no-progress", "--exclude", "file://"]
+```
+
+### 2. `lychee-system` 
+
+- **Requires manual installation**: `cargo install lychee`
+- **Fastest** - no installation overhead
+- **For users who already have lychee installed**
+
+```yaml
+- id: lychee-system
+  args: ["--no-progress", "--exclude", "file://"]
+```
+
+### 3. `lychee-docker`
+
+- **Auto-installs** via Docker image
+- **Slower** - pulls Docker image
+- **For environments where cargo is not available**
+
+```yaml
+- id: lychee-docker
+  args: ["--no-progress", "--exclude", "file://"]
+```
+
+## Version Format
+
+⚠️ **Important**: Use `lychee-v*` format for tags (e.g., `lychee-v0.20.1`), not `v*` format.
+
+The tag format changed after v0.15.1 to support cargo-binstall URL patterns:
+- ❌ `rev: v0.20.1` (doesn't exist)  
+- ✅ `rev: lychee-v0.20.1` (correct format)
+
+## Common Configuration
+
+```yaml
+repos:
+  - repo: https://github.com/lycheeverse/lychee
+    rev: lychee-v0.20.1
+    hooks:
+      - id: lychee
+        args: 
+          - --no-progress
+          - --exclude=file://
+          - --exclude=mailto:
+```
+
+## Troubleshooting
+
+**"Executable `lychee` not found"**: Use the default `lychee` hook (not `lychee-system`) for auto-installation.
+
+**Tag format issues**: Ensure you're using `lychee-v*` format, not `v*` format for versions after 0.15.1.