diff --git a/.travis.yml b/.travis.yml
index 97a1b6f..98b4785 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,8 +1,8 @@
 language: go
 go:
-- 1.14.x
+  - 1.16.x
 services:
-- docker
+  - docker
 script:
-- make test
-- make security-scan
+  - make test
+  - make security-scan
diff --git a/Dockerfile b/Dockerfile
index b4eb68d..df587cc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,6 @@ ENTRYPOINT ["gitleaks"]
 # How to use me :
 
 # docker build -t gitleaks .
-# docker run --rm --name=gitleaks gitleaks --repo=https://github.com/zricethezav/gitleaks
+# docker run --rm --name=gitleaks gitleaks --repo-url=https://github.com/zricethezav/gitleaks
 
 # This will check for secrets in https://github.com/zricethezav/gitleaks
diff --git a/README.md b/README.md
index 88c1374..e82e1cb 100644
--- a/README.md
+++ b/README.md
@@ -6,21 +6,26 @@
   </p>
 </p>
 
-Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks aims to be the **easy-to-use, all-in-one solution** for finding secrets, past or present, in your code. 
- 
+Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an **easy-to-use, all-in-one solution** for finding secrets, past or present, in your code. 
+
+### Introduction Video
+<p align="left">
+      <a href="https://www.youtube.com/watch?v=VUq2eII20S4"><img alt="intro" src="https://img.youtube.com/vi/VUq2eII20S4/maxresdefault.jpg" height="200"></a>
+</p>
+
 ### Features:
 - Scan for [commited](https://github.com/zricethezav/gitleaks#Scanning) secrets
-- Scan for [unstaged](https://github.com/zricethezav/gitleaks#scan-unstaged-changes) secrets as part of shifting security left
+- Scan for [unstaged](https://github.com/zricethezav/gitleaks#scan-unstaged-changes) secrets to shift security left
 - Scan [directories and files](https://github.com/zricethezav/gitleaks#scan-local-directory)
-- Available [Github Action](https://github.com/marketplace/actions/gitleaks)
+- Run [Gitleaks Action](https://github.com/marketplace/actions/gitleaks) in your CI/CD pipeline
 - [Custom rules](https://github.com/zricethezav/gitleaks#configuration) via toml configuration
-- High performance using [go-git](https://github.com/go-git/go-git)
+- Increased performance using [go-git](https://github.com/go-git/go-git)
 - JSON, SARIF, and CSV reporting
 - Private repo scans using key or password based authentication
 
 
 ### Installation
-Gitleaks can be installed with Homebrew, Docker, and Go. Gitleaks is also available in binary form for many popular platforms and OS types from the [releases page](https://github.com/zricethezav/gitleaks/releases).
+Gitleaks can be installed using Homebrew, Docker, or Go. Gitleaks is also available in binary form for many popular platforms and OS types on the [releases page](https://github.com/zricethezav/gitleaks/releases).
 
 ##### MacOS
 
@@ -45,42 +50,41 @@ Usage:
   gitleaks [OPTIONS]
 
 Application Options:
-  -v, --verbose           Show verbose output from scan
-  -q, --quiet             Sets log level to error and only output leaks, one json object per line
-  -r, --repo-url=         Repository URL
-  -p, --path=             Path to directory (repo if contains .git) or file
-  -c, --config-path=      Path to config
-      --repo-config-path= Path to gitleaks config relative to repo root
-      --version           Version number
-      --username=         Username for git repo
-      --password=         Password for git repo
-      --access-token=     Access token for git repo
-      --threads=          Maximum number of threads gitleaks spawns
-      --ssh-key=          Path to ssh key used for auth
-      --unstaged          Run gitleaks on unstaged code
-      --branch=           Branch to scan
-      --redact            Redact secrets from log messages and leaks
-      --debug             Log debug messages
-      --leaks-exit-code=  Exit code when leaks have been encountered (default: 1) 
-      --no-git            Treat git repos as plain directories and scan those
-                          files
-  -o, --report=           Report output path
-  -f, --format=           JSON, CSV, SARIF (default: json)
-      --files-at-commit=  Sha of commit to scan all files at commit
-      --commit=           Sha of commit to scan or "latest" to scan the last
-                          commit of the repository
-      --commits=          Comma separated list of a commits to scan
-      --commits-file=     Path to file of line separated list of commits to scan
-      --commit-from=      Commit to start scan from
-      --commit-to=        Commit to stop scan
-      --commit-since=     Scan commits more recent than a specific date. Ex:
-                          '2006-01-02' or '2006-01-02T15:04:05-0700' format.
-      --commit-until=     Scan commits older than a specific date. Ex:
-                          '2006-01-02' or '2006-01-02T15:04:05-0700' format.
-      --depth=            Number of commits to scan
+  -v, --verbose             Show verbose output from scan
+  -q, --quiet               Sets log level to error and only output leaks, one json object per line
+  -r, --repo-url=           Repository URL
+  -p, --path=               Path to directory (repo if contains .git) or file
+  -c, --config-path=        Path to config
+      --repo-config-path=   Path to gitleaks config relative to repo root
+      --clone-path=         Path to clone repo to disk
+      --version             Version number
+      --username=           Username for git repo
+      --password=           Password for git repo
+      --access-token=       Access token for git repo
+      --threads=            Maximum number of threads gitleaks spawns
+      --ssh-key=            Path to ssh key used for auth
+      --unstaged            Run gitleaks on unstaged code
+      --branch=             Branch to scan
+      --redact              Redact secrets from log messages and leaks
+      --debug               Log debug messages
+      --no-git              Treat git repos as plain directories and scan those files
+      --leaks-exit-code=    Exit code when leaks have been encountered (default: 1)
+      --append-repo-config  Append the provided or default config with the repo config.
+      --additional-config=  Path to an additional gitleaks config to append with an existing config. Can be used with --append-repo-config to append up to three configurations
+  -o, --report=             Report output path
+  -f, --format=             JSON, CSV, SARIF (default: json)
+      --files-at-commit=    Sha of commit to scan all files at commit
+      --commit=             Sha of commit to scan or "latest" to scan the last commit of the repository
+      --commits=            Comma separated list of a commits to scan
+      --commits-file=       Path to file of line separated list of commits to scan
+      --commit-from=        Commit to start scan from
+      --commit-to=          Commit to stop scan
+      --commit-since=       Scan commits more recent than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format.
+      --commit-until=       Scan commits older than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format.
+      --depth=              Number of commits to scan
 
 Help Options:
-  -h, --help              Show this help message
+  -h, --help                Show this help message
 ```
 
 
@@ -94,7 +98,7 @@ gitleaks --repo-url=https://github.com/my-insecure/repo -v
 
 
 #### Basic repo-url scan output to a report:
-If we want the report in sarif or csv we can set the `-f/--format` option
+If you want the report in sarif or csv you can set the `-f/--format` option
 ```
 gitleaks --repo-url=https://github.com/my-insecure/repo -v --report=my-report.json
 ```
@@ -109,20 +113,20 @@ gitleaks --repo-url=https://github.com/my-insecure/repo --commit=commit-sha -v
 gitleaks --path=path/to/local/repo -v
 ```
 
-#### Scan repos contain in a parent directory:
-If we had `repo1`, `repo2`, `repo3` all under `path/to/local`, gitleaks will discover and scan those repos.
+#### Scan repos contained in a parent directory:
+If you have `repo1`, `repo2`, `repo3` all under `path/to/local`, gitleaks will discover and scan those repos.
 ```
 gitleaks --path=path/to/local/ -v
 ```
 
 #### Scan local directory:
-You might want to scan the current contents of a repo, ignoring git alltogether. You can use the `--no-git` option to do this.
+If you want to scan the current contents of a repo, ignoring git alltogether. You can use the `--no-git` option to do this.
 ```
 gitleaks --path=path/to/local/repo -v --no-git
 ```
 
 #### Scan a file:
-Or you might want to scan a single file using gitleaks rules. You can do this by specifying the file in `--path` and including the `--no-git` option.
+Or if you want to scan a single file using gitleaks rules. You can do this by specifying the file in `--path` and including the `--no-git` option.
 ```
 gitleaks --path=path/to/local/repo/main.go -v --no-git
 ```
@@ -136,8 +140,9 @@ gitleaks --path=path/to/local/repo -v --unstaged
 
 
 ### Configuration
-Provide your own gitleaks configurations with `--config-path` or `--repo-config-path`. The difference between the two is `--config-path` loads a local gitleaks config whereas `--repo-config-path` will load a configuration present in the repo you want to scan. For example, `gitleaks --repo-config-path=".github/gitleaks.config"`.
-The default configuration Gitleaks uses is located [here](https://github.com/zricethezav/gitleaks/blob/master/config/default.go). More configuration examples can be seen [here](https://github.com/zricethezav/gitleaks/tree/master/examples). Configuration files contain a few different toml tables which will be explained below.
+Provide your own gitleaks configurations with `--config-path` or `--repo-config-path`. `--config-path` loads a local gitleaks configuration whereas `--repo-config-path` will load a configuration present just in the repo you want to scan. For example, `gitleaks --repo-config-path=".github/gitleaks.config"`.
+The default configuration Gitleaks uses is located [here](https://github.com/zricethezav/gitleaks/blob/master/config/default.go). More configuration examples can be seen [here](https://github.com/zricethezav/gitleaks/tree/master/examples). Configuration files will contain a few different toml tables. Further explanation is provided below.
+
 ### Rules summary
 
 The rules are written in [TOML](https://github.com/toml-lang/toml) as defined in [TomlLoader struct](https://github.com/zricethezav/gitleaks/blob/master/config/config.go#L57-L87), and can be summarized as:
@@ -257,9 +262,8 @@ Gamma proactively detects and remediates data leaks across cloud apps. Scan your
 #### Individual Sponsors 
 These users are [sponsors](https://github.com/sponsors/zricethezav) of gitleaks:
 
-[![Adam Shannon](https://github.com/adamdecaf.png?size=50)](https://github.com/adamdecaf) | 
----|
-----
+- [Adam Shannon](https://github.com/adamdecaf)
+- [ProjectDiscovery](https://projectdiscovery.io/#/)
 
 
 #### Logo Attribution
diff --git a/config/config.go b/config/config.go
index cad0cb0..fa8b930 100644
--- a/config/config.go
+++ b/config/config.go
@@ -2,7 +2,10 @@ package config
 
 import (
 	"fmt"
+	"io"
+	"os"
 	"path"
+	"path/filepath"
 	"regexp"
 	"strconv"
 
@@ -249,13 +252,7 @@ func LoadRepoConfig(repo *git.Repository, repoConfig string) (Config, error) {
 		if err != nil {
 			return Config{}, err
 		}
-		var tomlLoader TomlLoader
-		_, err = toml.DecodeReader(r, &tomlLoader)
-		if err != nil {
-			return Config{}, err
-		}
-
-		return tomlLoader.Parse()
+		return parseTomlFile(r)
 	}
 
 	log.Debug("attempting to load repo config from bare worktree, this may use an old config")
@@ -274,15 +271,49 @@ func LoadRepoConfig(repo *git.Repository, repoConfig string) (Config, error) {
 		return Config{}, err
 	}
 
-	var tomlLoader TomlLoader
 	r, err := f.Reader()
+
 	if err != nil {
 		return Config{}, err
 	}
-	_, err = toml.DecodeReader(r, &tomlLoader)
+
+	return parseTomlFile(r)
+}
+
+// LoadAdditionalConfig Accepts a path to a gitleaks config and returns a Config struct
+func LoadAdditionalConfig(repoConfig string) (Config, error) {
+	file, err := os.Open(filepath.Clean(repoConfig))
 	if err != nil {
 		return Config{}, err
 	}
 
+	return parseTomlFile(file)
+}
+
+// AppendConfig Accepts a Config struct and will append those fields to this Config Struct's fields
+func (config *Config) AppendConfig(configToBeAppended Config) Config {
+	newAllowList := AllowList{
+		Description: "Appended Configuration",
+		Commits:     append(config.Allowlist.Commits, configToBeAppended.Allowlist.Commits...),
+		Files:       append(config.Allowlist.Files, configToBeAppended.Allowlist.Files...),
+		Paths:       append(config.Allowlist.Paths, configToBeAppended.Allowlist.Paths...),
+		Regexes:     append(config.Allowlist.Regexes, configToBeAppended.Allowlist.Regexes...),
+		Repos:       append(config.Allowlist.Repos, configToBeAppended.Allowlist.Repos...),
+	}
+
+	return Config{
+		Rules:     append(config.Rules, configToBeAppended.Rules...),
+		Allowlist: newAllowList,
+	}
+}
+
+// takes a File, makes sure it is a valid config, and parses it
+func parseTomlFile(f io.Reader) (Config, error) {
+	var tomlLoader TomlLoader
+	_, err := toml.DecodeReader(f, &tomlLoader)
+	if err != nil {
+		log.Errorf("Unable to read gitleaks config. Using defaults. Error: %s", err)
+		return Config{}, err
+	}
 	return tomlLoader.Parse()
 }
diff --git a/config/config_test.go b/config/config_test.go
index 4be7dce..491d5de 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -211,3 +211,73 @@ func writeTestConfig(toml string) (string, error) {
 
 	return tmpfile.Name(), nil
 }
+
+func TestAppendingConfiguration(t *testing.T) {
+	testRegexA, _ := regexp.Compile("a")
+	testRegexB, _ := regexp.Compile("b")
+
+	allowListA := AllowList{
+		Description: "Test Description",
+		Commits:     []string{"a"},
+		Files:       []*regexp.Regexp{testRegexA},
+		Paths:       []*regexp.Regexp{testRegexA},
+		Regexes:     []*regexp.Regexp{testRegexA},
+		Repos:       []*regexp.Regexp{testRegexA},
+	}
+
+	allowListB := AllowList{
+		Description: "Test Description",
+		Commits:     []string{"b"},
+		Files:       []*regexp.Regexp{testRegexB},
+		Paths:       []*regexp.Regexp{testRegexB},
+		Regexes:     []*regexp.Regexp{testRegexB},
+		Repos:       []*regexp.Regexp{testRegexB},
+	}
+
+	ruleA := Rule{Description: "a"}
+	ruleB := Rule{Description: "b"}
+
+	rulesA := []Rule{ruleA}
+	rulesB := []Rule{ruleB}
+
+	cfgA := Config{
+		Rules:     rulesA,
+		Allowlist: allowListA,
+	}
+
+	cfgB := Config{
+		Rules:     rulesB,
+		Allowlist: allowListB,
+	}
+
+	cfgAppended := cfgA.AppendConfig(cfgB)
+
+	if !(len(cfgAppended.Rules) == 2) {
+		t.Errorf("Length of Appended Rules = %d; want 2", len(cfgAppended.Rules))
+	}
+
+	if !(len(cfgAppended.Allowlist.Commits) == 2) {
+		t.Errorf("Length of Appended Allowed Commits = %d; want 2", len(cfgAppended.Allowlist.Commits))
+	}
+
+	if !(len(cfgAppended.Allowlist.Files) == 2) {
+		t.Errorf("Length of Appended Allowed Files = %d; want 2", len(cfgAppended.Allowlist.Files))
+	}
+
+	if !(len(cfgAppended.Allowlist.Paths) == 2) {
+		t.Errorf("Length of Appended Allowed Paths = %d; want 2", len(cfgAppended.Allowlist.Paths))
+	}
+
+	if !(len(cfgAppended.Allowlist.Regexes) == 2) {
+		t.Errorf("Length of Appended Allowed Regexes = %d; want 2", len(cfgAppended.Allowlist.Regexes))
+	}
+
+	if !(len(cfgAppended.Allowlist.Repos) == 2) {
+		t.Errorf("Length of Appended Allowed Repos = %d; want 2", len(cfgAppended.Allowlist.Repos))
+	}
+
+	if cfgAppended.Allowlist.Description != "Appended Configuration" {
+		t.Errorf("Allow List Description is = \"%s\"; want \"Appended Configuration\"", cfgAppended.Allowlist.Description)
+	}
+
+}
diff --git a/config/default.go b/config/default.go
index 27c3dd0..cb9d8f1 100644
--- a/config/default.go
+++ b/config/default.go
@@ -7,158 +7,175 @@ const DefaultConfig = `
 title = "gitleaks config"
 
 [[rules]]
-	description = "AWS Access Key"
-	regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
-	tags = ["key", "AWS"]
+    description = "AWS Access Key"
+    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    tags = ["key", "AWS"]
 
 [[rules]]
-	description = "AWS Secret Key"
-	regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
-	tags = ["key", "AWS"]
+    description = "AWS Secret Key"
+    regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+    tags = ["key", "AWS"]
 
 [[rules]]
-	description = "AWS MWS key"
-	regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
-	tags = ["key", "AWS", "MWS"]
+    description = "AWS MWS key"
+    regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+    tags = ["key", "AWS", "MWS"]
 
 [[rules]]
-	description = "Facebook Secret Key"
-	regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
-	tags = ["key", "Facebook"]
+    description = "Facebook Secret Key"
+    regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+    tags = ["key", "Facebook"]
 
 [[rules]]
-	description = "Facebook Client ID"
-	regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
-	tags = ["key", "Facebook"]
+    description = "Facebook Client ID"
+    regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+    tags = ["key", "Facebook"]
 
 [[rules]]
-	description = "Twitter Secret Key"
-	regex = '''(?i)twitter(.{0,20})?[0-9a-z]{35,44}'''
-	tags = ["key", "Twitter"]
+    description = "Twitter Secret Key"
+    regex = '''(?i)twitter(.{0,20})?[0-9a-z]{35,44}'''
+    tags = ["key", "Twitter"]
 
 [[rules]]
-	description = "Twitter Client ID"
-	regex = '''(?i)twitter(.{0,20})?[0-9a-z]{18,25}'''
-	tags = ["client", "Twitter"]
+    description = "Twitter Client ID"
+    regex = '''(?i)twitter(.{0,20})?[0-9a-z]{18,25}'''
+    tags = ["client", "Twitter"]
 
 [[rules]]
-	description = "Github"
-	regex = '''(?i)github(.{0,20})?(?-i)[0-9a-zA-Z]{35,40}'''
-	tags = ["key", "Github"]
+    description = "Github Personal Access Token"
+    regex = '''ghp_[0-9a-zA-Z]{36}'''
+    tags = ["key", "Github"]
+[[rules]]
+    description = "Github OAuth Access Token"
+    regex = '''gho_[0-9a-zA-Z]{36}'''
+    tags = ["key", "Github"]
+[[rules]]
+    description = "Github App Token"
+    regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
+    tags = ["key", "Github"]
+[[rules]]
+    description = "Github Refresh Token"
+    regex = '''ghr_[0-9a-zA-Z]{76}'''
+    tags = ["key", "Github"]
+
+[[rules]]
+    description = "LinkedIn Client ID"
+    regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
+    tags = ["client", "LinkedIn"]
 
 [[rules]]
-	description = "LinkedIn Client ID"
-	regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
-	tags = ["client", "LinkedIn"]
+    description = "LinkedIn Secret Key"
+    regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
+    tags = ["secret", "LinkedIn"]
 
 [[rules]]
-	description = "LinkedIn Secret Key"
-	regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
-	tags = ["secret", "LinkedIn"]
+    description = "Slack"
+    regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+    tags = ["key", "Slack"]
 
 [[rules]]
-	description = "Slack"
-	regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
-	tags = ["key", "Slack"]
+    description = "Asymmetric Private Key"
+    regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
+    tags = ["key", "AsymmetricPrivateKey"]
 
 [[rules]]
-	description = "Asymmetric Private Key"
-	regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
-	tags = ["key", "AsymmetricPrivateKey"]
+    description = "Google API key"
+    regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+    tags = ["key", "Google"]
 
 [[rules]]
-	description = "Google API key"
-	regex = '''AIza[0-9A-Za-z\\-_]{35}'''
-	tags = ["key", "Google"]
+    description = "Google (GCP) Service Account"
+    regex = '''"type": "service_account"'''
+    tags = ["key", "Google"]
 
 [[rules]]
-	description = "Google (GCP) Service Account"
-	regex = '''"type": "service_account"'''
-	tags = ["key", "Google"]
+    description = "Heroku API key"
+    regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+    tags = ["key", "Heroku"]
 
 [[rules]]
-	description = "Heroku API key"
-	regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
-	tags = ["key", "Heroku"]
+    description = "MailChimp API key"
+    regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
+    tags = ["key", "Mailchimp"]
 
 [[rules]]
-	description = "MailChimp API key"
-	regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
-	tags = ["key", "Mailchimp"]
+    description = "Mailgun API key"
+    regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
+    tags = ["key", "Mailgun"]
 
 [[rules]]
-	description = "Mailgun API key"
-	regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
-	tags = ["key", "Mailgun"]
+    description = "PayPal Braintree access token"
+    regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+    tags = ["key", "Paypal"]
 
 [[rules]]
-	description = "PayPal Braintree access token"
-	regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
-	tags = ["key", "Paypal"]
+    description = "Picatic API key"
+    regex = '''sk_live_[0-9a-z]{32}'''
+    tags = ["key", "Picatic"]
 
 [[rules]]
-	description = "Picatic API key"
-	regex = '''sk_live_[0-9a-z]{32}'''
-	tags = ["key", "Picatic"]
+    description = "SendGrid API Key"
+    regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
+    tags = ["key", "SendGrid"]
 
 [[rules]]
-	description = "SendGrid API Key"
-	regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
-	tags = ["key", "SendGrid"]
+    description = "Slack Webhook"
+    regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
+    tags = ["key", "slack"]
 
 [[rules]]
-	description = "Slack Webhook"
-	regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
-	tags = ["key", "slack"]
+    description = "Stripe API key"
+    regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
+    tags = ["key", "Stripe"]
 
 [[rules]]
-	description = "Stripe API key"
-	regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
-	tags = ["key", "Stripe"]
+    description = "Square access token"
+    regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+    tags = ["key", "square"]
 
 [[rules]]
-	description = "Square access token"
-	regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
-	tags = ["key", "square"]
+    description = "Square OAuth secret"
+    regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+    tags = ["key", "square"]
 
 [[rules]]
-	description = "Square OAuth secret"
-	regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
-	tags = ["key", "square"]
+    description = "Twilio API key"
+    regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
+    tags = ["key", "twilio"]
 
 [[rules]]
-	description = "Twilio API key"
-	regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
-	tags = ["key", "twilio"]
+    description = "Dynatrace ttoken"
+    regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
+    tags = ["key", "Dynatrace"]
 
 [[rules]]
-	description = "Dynatrace ttoken"
-	regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
-	tags = ["key", "Dynatrace"]
+    description = "Shopify shared secret"
+    regex = '''shpss_[a-fA-F0-9]{32}'''
+    tags = ["key", "Shopify"]
 
 [[rules]]
-	description = "Shopify shared secret"
-	regex = '''shpss_[a-fA-F0-9]{32}'''
-	tags = ["key", "Shopify"]
+    description = "Shopify access token"
+    regex = '''shpat_[a-fA-F0-9]{32}'''
+    tags = ["key", "Shopify"]
 
 [[rules]]
-	description = "Shopify access token"
-	regex = '''shpat_[a-fA-F0-9]{32}'''
-	tags = ["key", "Shopify"]
+    description = "Shopify custom app access token"
+    regex = '''shpca_[a-fA-F0-9]{32}'''
+    tags = ["key", "Shopify"]
 
 [[rules]]
-	description = "Shopify custom app access token"
-	regex = '''shpca_[a-fA-F0-9]{32}'''
-	tags = ["key", "Shopify"]
+    description = "Shopify private app access token"
+    regex = '''shppa_[a-fA-F0-9]{32}'''
+    tags = ["key", "Shopify"]
 
 [[rules]]
-	description = "Shopify private app access token"
-	regex = '''shppa_[a-fA-F0-9]{32}'''
-	tags = ["key", "Shopify"]
+    description = "PyPI upload token"
+    regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
+    tags = ["key", "pypi"]
 
 [allowlist]
-	description = "Allowlisted files"
-	files = ['''^\.?gitleaks.toml$''',
-	'''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
-	'''(go.mod|go.sum)$''']
+    description = "Allowlisted files"
+    files = ['''^\.?gitleaks.toml$''',
+    '''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
+    '''(go.mod|go.sum)$''']
 `
diff --git a/debian/changelog b/debian/changelog
index 600fbbf..42b89b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+gitleaks (7.4.0-0kali1) UNRELEASED; urgency=low
+
+  * New upstream release.
+
+ -- Kali Janitor <janitor@kali.org>  Mon, 12 Apr 2021 10:10:09 -0000
+
 gitleaks (7.2.2-0kali1) kali-dev; urgency=medium
 
   * Initial release (see 4575)
diff --git a/go.mod b/go.mod
index d599cff..cc5ce8c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/zricethezav/gitleaks/v7
 
-go 1.15
+go 1.16
 
 replace github.com/go-git/go-git/v5 => github.com/zricethezav/go-git/v5 v5.2.2
 
diff --git a/go.sum b/go.sum
index 40857e8..10dcfbd 100644
--- a/go.sum
+++ b/go.sum
@@ -22,9 +22,6 @@ github.com/go-git/go-billy/v5 v5.0.0 h1:7NQHvd9FVid8VL4qVUMm8XifBK+2xCoZ2lSk0agR
 github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12 h1:PbKy9zOy4aAKrJ5pibIRpVO2BXnK1Tlcg+caKI7Ox5M=
 github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw=
-github.com/go-git/go-git/v5 v5.2.0 h1:YPBLG/3UK1we1ohRkncLjaXWLW+HKp5QNM/jTli2JgI=
-github.com/go-git/go-git/v5 v5.2.0/go.mod h1:kh02eMX+wdqqxgNMEyq8YgwlIOsDOa9homkUq1PoTMs=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -40,10 +37,8 @@ github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v
 github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
@@ -66,8 +61,6 @@ github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJy
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70=
 github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
-github.com/zricethezav/go-git/v5 v5.2.1 h1:snaoKv8ksDSz7NfBRXsBr9Yr8IKEKWRWf1zdhFmcFvI=
-github.com/zricethezav/go-git/v5 v5.2.1/go.mod h1:kh02eMX+wdqqxgNMEyq8YgwlIOsDOa9homkUq1PoTMs=
 github.com/zricethezav/go-git/v5 v5.2.2 h1:VOVijF5OpIiHvFZXX94AJezdJ0b0kTyRyVNZ4yaqCRU=
 github.com/zricethezav/go-git/v5 v5.2.2/go.mod h1:kh02eMX+wdqqxgNMEyq8YgwlIOsDOa9homkUq1PoTMs=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -82,7 +75,6 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -93,15 +85,12 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/options/options.go b/options/options.go
index 02bd8ee..da1ddb4 100644
--- a/options/options.go
+++ b/options/options.go
@@ -20,25 +20,27 @@ import (
 
 // Options stores values of command line options
 type Options struct {
-	Verbose        bool   `short:"v" long:"verbose" description:"Show verbose output from scan"`
-	Quiet          bool   `short:"q" long:"quiet" description:"Sets log level to error and only output leaks, one json object per line"`
-	RepoURL        string `short:"r" long:"repo-url" description:"Repository URL"`
-	Path           string `short:"p" long:"path" description:"Path to directory (repo if contains .git) or file"`
-	ConfigPath     string `short:"c" long:"config-path" description:"Path to config"`
-	RepoConfigPath string `long:"repo-config-path" description:"Path to gitleaks config relative to repo root"`
-	ClonePath      string `long:"clone-path" description:"Path to clone repo to disk"`
-	Version        bool   `long:"version" description:"Version number"`
-	Username       string `long:"username" description:"Username for git repo"`
-	Password       string `long:"password" description:"Password for git repo"`
-	AccessToken    string `long:"access-token" description:"Access token for git repo"`
-	Threads        int    `long:"threads" description:"Maximum number of threads gitleaks spawns"`
-	SSH            string `long:"ssh-key" description:"Path to ssh key used for auth"`
-	Unstaged       bool   `long:"unstaged" description:"Run gitleaks on unstaged code"`
-	Branch         string `long:"branch" description:"Branch to scan"`
-	Redact         bool   `long:"redact" description:"Redact secrets from log messages and leaks"`
-	Debug          bool   `long:"debug" description:"Log debug messages"`
-	NoGit          bool   `long:"no-git" description:"Treat git repos as plain directories and scan those files"`
-	CodeOnLeak     int    `long:"leaks-exit-code" default:"1" description:"Exit code when leaks have been encountered"`
+	Verbose          bool   `short:"v" long:"verbose" description:"Show verbose output from scan"`
+	Quiet            bool   `short:"q" long:"quiet" description:"Sets log level to error and only output leaks, one json object per line"`
+	RepoURL          string `short:"r" long:"repo-url" description:"Repository URL"`
+	Path             string `short:"p" long:"path" description:"Path to directory (repo if contains .git) or file"`
+	ConfigPath       string `short:"c" long:"config-path" description:"Path to config"`
+	RepoConfigPath   string `long:"repo-config-path" description:"Path to gitleaks config relative to repo root"`
+	ClonePath        string `long:"clone-path" description:"Path to clone repo to disk"`
+	Version          bool   `long:"version" description:"Version number"`
+	Username         string `long:"username" description:"Username for git repo"`
+	Password         string `long:"password" description:"Password for git repo"`
+	AccessToken      string `long:"access-token" description:"Access token for git repo"`
+	Threads          int    `long:"threads" description:"Maximum number of threads gitleaks spawns"`
+	SSH              string `long:"ssh-key" description:"Path to ssh key used for auth"`
+	Unstaged         bool   `long:"unstaged" description:"Run gitleaks on unstaged code"`
+	Branch           string `long:"branch" description:"Branch to scan"`
+	Redact           bool   `long:"redact" description:"Redact secrets from log messages and leaks"`
+	Debug            bool   `long:"debug" description:"Log debug messages"`
+	NoGit            bool   `long:"no-git" description:"Treat git repos as plain directories and scan those files"`
+	CodeOnLeak       int    `long:"leaks-exit-code" default:"1" description:"Exit code when leaks have been encountered"`
+	AppendRepoConfig bool   `long:"append-repo-config" description:"Append the provided or default config with the repo config."`
+	AdditionalConfig string `long:"additional-config" description:"Path to an additional gitleaks config to append with an existing config. Can be used with --append-repo-config to append up to three configurations"`
 
 	// Report Options
 	Report       string `short:"o" long:"report" description:"Report output path"`
diff --git a/scan/commit.go b/scan/commit.go
index 423f617..edc36e3 100644
--- a/scan/commit.go
+++ b/scan/commit.go
@@ -43,6 +43,14 @@ func (cs *CommitScanner) SetRepoName(repoName string) {
 func (cs *CommitScanner) Scan() (Report, error) {
 	var scannerReport Report
 
+	defer func() {
+		if err := recover(); err != nil {
+			// sometimes the Patch generation will fail due to a known bug in
+			// sergi's go-diff: https://github.com/sergi/go-diff/issues/89.
+			return
+		}
+	}()
+
 	if cs.cfg.Allowlist.CommitAllowed(cs.commit.Hash.String()) {
 		return scannerReport, nil
 	}
@@ -62,7 +70,7 @@ func (cs *CommitScanner) Scan() (Report, error) {
 	}
 
 	patch, err := parent.Patch(cs.commit)
-	if err != nil {
+	if err != nil || patch == nil {
 		return scannerReport, fmt.Errorf("could not generate Patch")
 	}
 
diff --git a/scan/sarif.go b/scan/sarif.go
index 4ec6328..e58b5f2 100644
--- a/scan/sarif.go
+++ b/scan/sarif.go
@@ -110,7 +110,8 @@ func configToRules(cfg config.Config) []Rules {
 }
 
 func leaksToResults(leaks []Leak) []Results {
-	var results []Results
+	results := make([]Results, 0)
+
 	for _, leak := range leaks {
 		results = append(results, Results{
 			Message: Message{
diff --git a/scan/scan.go b/scan/scan.go
index d36c00e..931d15b 100644
--- a/scan/scan.go
+++ b/scan/scan.go
@@ -45,6 +45,13 @@ func NewScanner(opts options.Options, cfg config.Config) (Scanner, error) {
 		return nil, err
 	}
 	if st == typeDirScanner {
+		if opts.AdditionalConfig != "" {
+			additionalCfg, err := config.LoadAdditionalConfig(opts.AdditionalConfig)
+			if err != nil {
+				return nil, err
+			}
+			cfg = cfg.AppendConfig(additionalCfg)
+		}
 		return NewParentScanner(opts, cfg), nil
 	}
 
@@ -56,12 +63,26 @@ func NewScanner(opts options.Options, cfg config.Config) (Scanner, error) {
 		}
 	}
 
-	// load up alternative config if possible, if not use manager's config
+	// load up alternative config if possible, if not use default/specified config. Will append if AppendRepoConfig is true
 	if opts.RepoConfigPath != "" && !opts.NoGit {
-		cfg, err = config.LoadRepoConfig(repo, opts.RepoConfigPath)
+		repoCfg, err := config.LoadRepoConfig(repo, opts.RepoConfigPath)
+		if err != nil {
+			return nil, err
+		}
+		if opts.AppendRepoConfig {
+			cfg = cfg.AppendConfig(repoCfg)
+		} else {
+			cfg = repoCfg
+		}
+	}
+
+	// append additional config with the rest of the config
+	if opts.AdditionalConfig != "" {
+		additionalCfg, err := config.LoadAdditionalConfig(opts.AdditionalConfig)
 		if err != nil {
 			return nil, err
 		}
+		cfg = cfg.AppendConfig(additionalCfg)
 	}
 
 	switch st {
diff --git a/scan/scan_test.go b/scan/scan_test.go
index da0a43d..243b6f4 100644
--- a/scan/scan_test.go
+++ b/scan/scan_test.go
@@ -441,6 +441,16 @@ func TestScan(t *testing.T) {
 			},
 			wantPath: "../test_data/test_allow_list_file.json",
 		},
+		{
+			description: "test allowlist files",
+			opts: options.Options{
+				Path:         "../test_data/test_repos/test_repo_10",
+				Report:       "../test_data/test_allow_list_file.json.got",
+				ReportFormat: "json",
+				ConfigPath:   "../test_data/test_configs/allowlist_files.toml",
+			},
+			wantPath: "../test_data/test_allow_list_file.json",
+		},
 		{
 			description: "test allowlist files no-git",
 			opts: options.Options{
@@ -464,27 +474,63 @@ func TestScan(t *testing.T) {
 			wantPath: "../test_data/test_allow_list_docx_no_git.json",
 		},
 		{
-			description: "test local repo two allowlist Commit config",
+			description: "test append repo config",
 			opts: options.Options{
-				Path:          "../test_data/test_repos/test_repo_2",
-				Report:        "../test_data/test_local_repo_two_allowlist_commits_files_at_commit.json.got",
-				ConfigPath:    "../test_data/test_configs/allowlist_commit.toml",
-				ReportFormat:  "json",
-				FilesAtCommit: "17471a5fda722a9e423f1a0d3f0d267ea009d41c",
+				Path:             "../test_data/test_repos/test_repo_10",
+				Report:           "../test_data/test_append_repo.json.got",
+				ReportFormat:     "json",
+				ConfigPath:       "../test_data/test_configs/nozips.toml",
+				RepoConfigPath:   ".gitleaks.toml",
+				AppendRepoConfig: true,
+			},
+			wantPath: "../test_data/test_append_repo.json",
+		},
+		{
+			description: "test additional config",
+			opts: options.Options{
+				Path:             "../test_data/test_repos/test_repo_10",
+				Report:           "../test_data/test_additional_config.json.got",
+				ReportFormat:     "json",
+				ConfigPath:       "../test_data/test_configs/nozips.toml",
+				AdditionalConfig: "../test_data/test_repos/test_repo_10/.gitleaks.toml",
+			},
+			wantPath: "../test_data/test_additional_config.json",
+		},
+		{
+			description: "test append repo config with additional config",
+			opts: options.Options{
+				Path:             "../test_data/test_repos/test_repo_10",
+				Report:           "../test_data/test_append_repo_additional_config.json.got",
+				ReportFormat:     "json",
+				ConfigPath:       "../test_data/test_configs/nozips.toml",
+				RepoConfigPath:   ".gitleaks.toml",
+				AppendRepoConfig: true,
+				AdditionalConfig: "../test_data/test_configs/allowlist_bad_docx_10.toml",
 			},
-			wantPath:  "../test_data/test_local_repo_two_allowlist_commits_files_at_commit.json",
 			wantEmpty: true,
 		},
 		{
-			description: "test local repo two global allowlist commit config",
+			description: "test append repo config with additional config",
 			opts: options.Options{
-				Path:          "../test_data/test_repos/test_repo_2",
-				Report:        "../test_data/test_local_repo_two_global_allowlist_files_at_commit.json.got",
-				ConfigPath:    "../test_data/test_configs/allowlist_global_files.toml",
-				ReportFormat:  "json",
-				FilesAtCommit: "17471a5fda722a9e423f1a0d3f0d267ea009d41c",
+				Path:             "../test_data/test_repos/test_repo_10",
+				Report:           "../test_data/test_append_repo_additional_config.json.got",
+				ReportFormat:     "json",
+				ConfigPath:       "../test_data/test_configs/nozips.toml",
+				RepoConfigPath:   ".gitleaks.toml",
+				AppendRepoConfig: true,
+				AdditionalConfig: "../test_data/test_configs/allowlist_bad_docx_10.toml",
+			},
+			wantEmpty: true,
+		},
+		{
+			description: "test file with no leak due to additional config no git",
+			opts: options.Options{
+				Path:             "../test_data/test_repos/test_dir_1",
+				Report:           "../test_data/fail.json.got",
+				ReportFormat:     "json",
+				NoGit:            false,
+				AdditionalConfig: "../test_data/test_configs/allowlist_allow_all_repo_1.toml",
 			},
-			wantPath:  "../test_data/test_local_repo_two_global_allowlist_files_at_commit.json",
 			wantEmpty: true,
 		},
 	}
diff --git a/scan/unstaged.go b/scan/unstaged.go
index c7fc35b..6468e81 100644
--- a/scan/unstaged.go
+++ b/scan/unstaged.go
@@ -66,7 +66,7 @@ func (us *UnstagedScanner) Scan() (Report, error) {
 			// Check individual file path ONLY rules
 			for _, rule := range us.cfg.Rules {
 				if rule.HasFileOrPathLeakOnly(fn) {
-					leak := NewLeak("", "Filename or path offender: "+ fn, defaultLineNumber)
+					leak := NewLeak("", "Filename or path offender: "+fn, defaultLineNumber)
 					leak.Repo = us.repoName
 					leak.File = fn
 					leak.RepoURL = us.opts.RepoURL
diff --git a/test_data/test_additional_config.json b/test_data/test_additional_config.json
new file mode 100644
index 0000000..22abef3
--- /dev/null
+++ b/test_data/test_additional_config.json
@@ -0,0 +1,18 @@
+[
+ {
+  "line": "",
+  "lineNumber": 1,
+  "offender": "Filename or path offender: tmp/bad.docx",
+  "commit": "b0f9b62dfe12e4e10de180359c6b9276472494f8",
+  "repo": "test_repo_10",
+  "repoURL": "",
+  "leakURL": "",
+  "rule": "Block dangerous filetypes",
+  "commitMessage": "Create bad.docx",
+  "author": "Zachary Rice",
+  "email": "zricer@protonmail.com",
+  "file": "tmp/bad.docx",
+  "date": "2020-12-09T11:02:10-05:00",
+  "tags": "key, extensions"
+ }
+]
diff --git a/test_data/test_append_repo.json b/test_data/test_append_repo.json
new file mode 100644
index 0000000..22abef3
--- /dev/null
+++ b/test_data/test_append_repo.json
@@ -0,0 +1,18 @@
+[
+ {
+  "line": "",
+  "lineNumber": 1,
+  "offender": "Filename or path offender: tmp/bad.docx",
+  "commit": "b0f9b62dfe12e4e10de180359c6b9276472494f8",
+  "repo": "test_repo_10",
+  "repoURL": "",
+  "leakURL": "",
+  "rule": "Block dangerous filetypes",
+  "commitMessage": "Create bad.docx",
+  "author": "Zachary Rice",
+  "email": "zricer@protonmail.com",
+  "file": "tmp/bad.docx",
+  "date": "2020-12-09T11:02:10-05:00",
+  "tags": "key, extensions"
+ }
+]
diff --git a/test_data/test_configs/allowlist_allow_all_repo_1.toml b/test_data/test_configs/allowlist_allow_all_repo_1.toml
new file mode 100644
index 0000000..a372bde
--- /dev/null
+++ b/test_data/test_configs/allowlist_allow_all_repo_1.toml
@@ -0,0 +1,3 @@
+[allowlist]
+	description = "Allowlisted files"
+	files = [ '''server.test.py''','''server.test2.py''']
\ No newline at end of file
diff --git a/test_data/test_configs/allowlist_bad_docx_10.toml b/test_data/test_configs/allowlist_bad_docx_10.toml
new file mode 100644
index 0000000..7c1b233
--- /dev/null
+++ b/test_data/test_configs/allowlist_bad_docx_10.toml
@@ -0,0 +1,3 @@
+[allowlist]
+	description = "Allowlisted files"
+	files = [ '''bad.docx''']
\ No newline at end of file
diff --git a/test_data/test_configs/nozips.toml b/test_data/test_configs/nozips.toml
new file mode 100644
index 0000000..00465fe
--- /dev/null
+++ b/test_data/test_configs/nozips.toml
@@ -0,0 +1,4 @@
+
+[[rules]]
+	description = "No Zips"
+	file = '''.*\.zip'''