diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 41c412a..1f0131b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -11,8 +11,6 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
-    env:
-      GO111MODULE: on
     steps:
     - uses: actions/checkout@v2
 
@@ -26,8 +24,6 @@ jobs:
 
   test:
     runs-on: ubuntu-latest
-    env:
-      GO111MODULE: on
     steps:
     - uses: actions/checkout@v2
 
diff --git a/Dockerfile b/Dockerfile
index 300a2bb..be81040 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM golang:1.17 AS build
 WORKDIR /go/src/github.com/zricethezav/gitleaks
 COPY . .
 RUN VERSION=$(git describe --tags --abbrev=0) && \
-GO111MODULE=on CGO_ENABLED=0 go build -o bin/gitleaks -ldflags "-X="github.com/zricethezav/gitleaks/v8/cmd.Version=${VERSION}
+CGO_ENABLED=0 go build -o bin/gitleaks -ldflags "-X="github.com/zricethezav/gitleaks/v8/cmd.Version=${VERSION}
 
 FROM alpine:3.14.2
 RUN adduser -D gitleaks && \
diff --git a/Makefile b/Makefile
index 4f60007..f53e379 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ LDFLAGS=-ldflags "-X=github.com/zricethezav/gitleaks/v8/cmd.Version=$(VERSION)"
 COVER=--cover --coverprofile=cover.out
 
 test-cover:
-	go test ./... --race $(COVER) $(PKG) -v
+	go test -v ./... --race $(COVER) $(PKG)
 	go tool cover -html=cover.out
 
 format:
@@ -14,7 +14,7 @@ format:
 
 test: format
 	go vet ./...
-	go test ./... --race $(PKG) -v
+	go test -v ./... --race $(PKG) 
 
 build: format
 	go vet ./...
diff --git a/README.md b/README.md
index cf36014..9f0f1d0 100644
--- a/README.md
+++ b/README.md
@@ -116,7 +116,7 @@ Use "gitleaks [command] --help" for more information about a command.
 ### Commands
 There are two commands you will use to detect secrets; `detect` and `protect`.
 #### Detect
-The `detect` command is used to scan repos, directories, and files.  This comand can be used on developer machines and in CI environments.
+The `detect` command is used to scan repos, directories, and files.  This command can be used on developer machines and in CI environments.
 
 When running `detect` on a git repository, gitleaks will parse the output of a `git log -p` command (you can see how this executed
 [here](https://github.com/zricethezav/gitleaks/blob/7240e16769b92d2a1b137c17d6bf9d55a8562899/git/git.go#L17-L25)).
@@ -203,7 +203,7 @@ title = "Gitleaks title"
 # Unique identifier for this rule
 id = "awesome-rule-1"
 # Short human readable description of the rule.
-description = "awsome rule 1"
+description = "awesome rule 1"
 # Golang regular expression used to detect secrets. Note Golang's regex engine
 # does not support lookaheads.
 regex = '''one-go-style-regex-for-this-rule'''
@@ -225,7 +225,7 @@ commits = [ "commit-A", "commit-B"]
 paths = ['''one-file-path-regex''']
 regexes = ['''one-regex-within-the-already-matched-regex''']
 
-# This is a global allowlist which has a higher order of precendence than rule-specific allowlists.
+# This is a global allowlist which has a higher order of precedence than rule-specific allowlists.
 # If a commit listed in the `commits` field below is encountered then that commit will be skipped and no
 # secrets will be detected for said commit. The same logic applies for regexes and paths.
 [allowlist]
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
index 0cecac5..3047e5c 100644
--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -2,7 +2,7 @@ title = "gitleaks config"
 
 # Gitleaks rules are defined by regular expressions and entropy ranges.
 # Some secrets have unique signatures which make detecting those secrets easy.
-# Examples of those secrets would be Gitlab Personal Access Tokens, AWS keys, and Github Access Tokens.
+# Examples of those secrets would be GitLab Personal Access Tokens, AWS keys, and GitHub Access Tokens.
 # All these examples have defined prefixes like `glpat`, `AKIA`, `ghp_`, etc.
 #
 # Other secrets might just be a hash which means we need to write more complex rules to verify
@@ -32,7 +32,7 @@ title = "gitleaks config"
 [[rules]]
 id = "gitlab-pat"
 description = "GitLab Personal Access Token"
-regex = '''glpat-[0-9a-zA-Z\-]{20}'''
+regex = '''glpat-[0-9a-zA-Z\-\_]{20}'''
 
 [[rules]]
 id = "aws-access-token"
@@ -62,12 +62,12 @@ regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
 
 [[rules]]
 id = "github-pat"
-description = "Github Personal Access Token"
+description = "GitHub Personal Access Token"
 regex = '''ghp_[0-9a-zA-Z]{36}'''
 
 [[rules]]
 id = "github-oauth"
-description = "Github OAuth Access Token"
+description = "GitHub OAuth Access Token"
 regex = '''gho_[0-9a-zA-Z]{36}'''
 
 [[rules]]
@@ -83,12 +83,12 @@ regex = '''-----BEGIN EC PRIVATE KEY-----'''
 
 [[rules]]
 id = "github-app-token"
-description = "Github App Token"
+description = "GitHub App Token"
 regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
 
 [[rules]]
 id = "github-refresh-token"
-description = "Github Refresh Token"
+description = "GitHub Refresh Token"
 regex = '''ghr_[0-9a-zA-Z]{76}'''
 
 [[rules]]
@@ -124,7 +124,7 @@ regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
 [[rules]]
 id = "pypi-upload-token"
 description = "PyPI upload token"
-regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
+regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
 
 [[rules]]
 id = "gcp-service-account"
@@ -233,12 +233,6 @@ description = "Contentful delivery API token"
 regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
 secretGroup = 3
 
-[[rules]]
-id = "contentful-preview-api-token"
-description = "Contentful preview API token"
-regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
-secretGroup = 3
-
 [[rules]]
 id = "databricks-api-token"
 description = "Databricks API token"
@@ -326,43 +320,43 @@ regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([
 secretGroup = 3
 
 [[rules]]
-id = "flutterweave-public-key"
-description = "Flutterweave public key"
+id = "flutterwave-public-key"
+description = "Flutterwave public key"
 regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
 
 [[rules]]
-id = "flutterweave-secret-key"
-description = "Flutterweave secret key"
+id = "flutterwave-secret-key"
+description = "Flutterwave secret key"
 regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
 
 [[rules]]
-id = "flutterweave-enc-key"
-description = "Flutterweave encrypted key"
+id = "flutterwave-enc-key"
+description = "Flutterwave encrypted key"
 regex = '''FLWSECK_TEST[a-h0-9]{12}'''
 
 [[rules]]
 id = "frameio-api-token"
 description = "Frame.io API token"
-regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
+regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
 
 [[rules]]
 id = "gocardless-api-token"
 description = "GoCardless API token"
-regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
+regex = '''['\"]live_(?i)[a-z0-9\-_=]{40}['\"]'''
 
 [[rules]]
 id = "grafana-api-token"
 description = "Grafana API token"
-regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
+regex = '''['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]'''
 
 [[rules]]
 id = "hashicorp-tf-api-token"
-description = "Hashicorp Terraform user/org API token"
-regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
+description = "HashiCorp Terraform user/org API token"
+regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]'''
 
 [[rules]]
 id = "hubspot-api-token"
-description = "Hubspot API token"
+description = "HubSpot API token"
 regex = '''(?i)(hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
 secretGroup = 3
 
@@ -470,12 +464,12 @@ regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
 
 [[rules]]
 id = "planetscale-password"
-description = "Planetscale password"
+description = "PlanetScale password"
 regex = '''pscale_pw_(?i)[a-z0-9\-_\.]{43}'''
 
 [[rules]]
 id = "planetscale-api-token"
-description = "Planetscale API token"
+description = "PlanetScale API token"
 regex = '''pscale_tkn_(?i)[a-z0-9\-_\.]{43}'''
 
 [[rules]]
@@ -495,7 +489,7 @@ regex = '''rubygems_[a-f0-9]{48}'''
 
 [[rules]]
 id = "sendgrid-api-token"
-description = "Sendgrid API token"
+description = "SendGrid API token"
 regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
 
 [[rules]]
@@ -509,14 +503,14 @@ description = "Shippo API token"
 regex = '''shippo_(live|test)_[a-f0-9]{40}'''
 
 [[rules]]
-id = "linedin-client-secret"
-description = "Linkedin Client secret"
+id = "linkedin-client-secret"
+description = "LinkedIn Client secret"
 regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]'''
 secretGroup = 3
 
 [[rules]]
-id = "linedin-client-id"
-description = "Linkedin Client ID"
+id = "linkedin-client-id"
+description = "LinkedIn Client ID"
 regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]'''
 secretGroup = 3
 
@@ -535,7 +529,7 @@ secretGroup = 3
 [[rules]]
 id = "generic-api-key"
 description = "Generic API Key"
-regex = '''(?i)((key|api|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]'''
+regex = '''(?i)((key|api[^Version]|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]'''
 entropy = 3.7
 secretGroup = 4
 
@@ -545,5 +539,6 @@ description = "global allow lists"
 regexes = ['''219-09-9999''', '''078-05-1120''', '''(9[0-9]{2}|666)-\d{2}-\d{4}''']
 paths = [
     '''gitleaks.toml''',
-    '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$'''
+    '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
+    '''(go.mod|go.sum)$'''
 ]
diff --git a/detect/detect.go b/detect/detect.go
index aad771c..cfdc82b 100644
--- a/detect/detect.go
+++ b/detect/detect.go
@@ -84,7 +84,7 @@ func DetectFindings(cfg config.Config, b []byte, filePath string, commit string)
 			// extract secret from secret group if set
 			if r.SecretGroup != 0 {
 				groups := r.Regex.FindStringSubmatch(secret)
-				if len(groups)-1 > r.SecretGroup || len(groups) == 0 {
+				if len(groups) <= r.SecretGroup || len(groups) == 0 {
 					// Config validation should prevent this
 					break
 				}
@@ -108,13 +108,6 @@ func DetectFindings(cfg config.Config, b []byte, filePath string, commit string)
 	return dedupe(findings)
 }
 
-func limit(s string) string {
-	if len(s) > 500 {
-		return s[:500] + "..."
-	}
-	return s
-}
-
 func printFinding(f report.Finding) {
 	var b []byte
 	b, _ = json.MarshalIndent(f, "", "	")
diff --git a/detect/detect_test.go b/detect/detect_test.go
index 89834ef..496de7c 100644
--- a/detect/detect_test.go
+++ b/detect/detect_test.go
@@ -22,6 +22,25 @@ func TestDetectFindings(t *testing.T) {
 		expectedFindings []report.Finding
 		wantError        error
 	}{
+		{
+			cfgName:  "escaped_character_group",
+			bytes:    []byte(`pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB`),
+			filePath: "tmp.go",
+			expectedFindings: []report.Finding{
+				{
+					Description: "PyPI upload token",
+					Secret:      "pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB",
+					Match:       "pypi-AgEIcHlwaS5vcmcAAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAA-AAAAAAAAAAB",
+					File:        "tmp.go",
+					RuleID:      "pypi-upload-token",
+					Tags:        []string{"key", "pypi"},
+					StartLine:   1,
+					EndLine:     1,
+					StartColumn: 1,
+					EndColumn:   86,
+				},
+			},
+		},
 		{
 			cfgName:  "simple",
 			bytes:    []byte(`awsToken := \"AKIALALEMEL33243OLIA\"`),
diff --git a/go.mod b/go.mod
index 3d6743a..72f6f30 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/zricethezav/gitleaks/v8
 
-go 1.16
+go 1.17
 
 require (
 	github.com/gitleaks/go-gitdiff v0.7.4
@@ -9,7 +9,26 @@ require (
 	github.com/spf13/viper v1.8.1
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/pelletier/go-toml v1.9.3 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/spf13/afero v1.6.0 // indirect
+	github.com/spf13/cast v1.3.1 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.2.0 // indirect
 	golang.org/x/sys v0.0.0-20211110154304-99a53858aa08 // indirect
-	golang.org/x/tools v0.1.5
+	golang.org/x/text v0.3.5 // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
+	gopkg.in/ini.v1 v1.62.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
diff --git a/go.sum b/go.sum
index 86265aa..b50fd90 100644
--- a/go.sum
+++ b/go.sum
@@ -467,7 +467,6 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/report/constants.go b/report/constants.go
index da78739..7772950 100644
--- a/report/constants.go
+++ b/report/constants.go
@@ -2,4 +2,3 @@ package report
 
 const version = "v8.0.0"
 const driver = "gitleaks"
-const driverURL = "https://github.com/zricethezav/gitleaks"
diff --git a/report/sarif.go b/report/sarif.go
index a8ce283..986b3b2 100644
--- a/report/sarif.go
+++ b/report/sarif.go
@@ -30,25 +30,46 @@ func getRuns(cfg config.Config, findings []Finding) []Runs {
 }
 
 func getTool(cfg config.Config) Tool {
-	return Tool{
+	tool := Tool{
 		Driver: Driver{
 			Name:            driver,
 			SemanticVersion: version,
 			Rules:           getRules(cfg),
 		},
 	}
+
+	// if this tool has no rules, ensure that it is represented as [] instead of null/nil
+	if hasEmptyRules(tool) {
+		tool.Driver.Rules = make([]Rules, 0)
+	}
+
+	return tool
+}
+
+func hasEmptyRules(tool Tool) bool {
+	return len(tool.Driver.Rules) == 0
 }
 
 func getRules(cfg config.Config) []Rules {
 	// TODO	for _, rule := range cfg.Rules {
 	var rules []Rules
 	for _, rule := range cfg.Rules {
-		rules = append(rules, Rules{
-			ID:   rule.RuleID,
-			Name: rule.Description,
-			Description: ShortDescription{
+		shortDescription := ShortDescription{
+			Text: rule.Description,
+		}
+		if rule.Regex != nil {
+			shortDescription = ShortDescription{
 				Text: rule.Regex.String(),
-			},
+			}
+		} else if rule.Path != nil {
+			shortDescription = ShortDescription{
+				Text: rule.Path.String(),
+			}
+		}
+		rules = append(rules, Rules{
+			ID:          rule.RuleID,
+			Name:        rule.Description,
+			Description: shortDescription,
 		})
 	}
 	return rules
@@ -186,14 +207,3 @@ type Runs struct {
 	Tool    Tool      `json:"tool"`
 	Results []Results `json:"results"`
 }
-
-func configToRules(cfg config.Config) []Rules {
-	var rules []Rules
-	for _, rule := range cfg.Rules {
-		rules = append(rules, Rules{
-			ID:   rule.RuleID,
-			Name: rule.Description,
-		})
-	}
-	return rules
-}
diff --git a/testdata/config/escaped_character_group.toml b/testdata/config/escaped_character_group.toml
new file mode 100644
index 0000000..b280395
--- /dev/null
+++ b/testdata/config/escaped_character_group.toml
@@ -0,0 +1,8 @@
+title = "gitleaks config"
+# https://learnxinyminutes.com/docs/toml/ for toml reference
+
+[[rules]]
+    id = "pypi-upload-token"
+    description = "PyPI upload token"
+    regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
+    tags = ["key", "pypi"]
\ No newline at end of file
diff --git a/testdata/repos/small/dotGit/index b/testdata/repos/small/dotGit/index
index 936b241..fec9889 100644
Binary files a/testdata/repos/small/dotGit/index and b/testdata/repos/small/dotGit/index differ