
gitleaks

What

gitleaks is a SAST tool for detecting and preventing hardcoded secrets such as passwords, API keys, and tokens in Git repositories. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code.

Why

Raise security incidents early by detecting secret leaks and raising GitHub security code scanning alerts.

How

The mechanism to detect secrets and to protect against them (undoing a commit that contains a secret) is described here.

CI setup

Summary

No configuration required.

A gitleaks detect command is run via a gitleaks GitHub workflow in .github/workflows/gitleaks.yml.

Info

The gitleaks GitHub Action has a paid license restriction, so a custom workflow has been set up instead. It fails the secret scan if secrets are detected and pushes alerts to GitHub security.
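An added example of such a custom workflow; it is not the project's own .github/workflows/gitleaks.yml. The gitleaks release version (placeholder), the release tarball URL pattern, the step names and the use of the codeql-action SARIF uploader are assumptions.

```yaml
# Added example workflow, not the project's own .github/workflows/gitleaks.yml.
# Assumptions: gitleaks release version (placeholder below), the release
# tarball URL pattern, and SARIF upload through github/codeql-action.
name: gitleaks

on:
  push:
  pull_request:

permissions:
  contents: read
  security-events: write   # required to publish SARIF results to code scanning

jobs:
  secret-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0        # full history, so secrets in past commits are found too

      - name: Install gitleaks
        env:
          GITLEAKS_VERSION: "X.Y.Z"   # placeholder: pin a real release here
        run: |
          curl -sSL -o gitleaks.tar.gz \
            "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
          tar -xzf gitleaks.tar.gz gitleaks
          sudo mv gitleaks /usr/local/bin/gitleaks

      - name: Run gitleaks detect
        # gitleaks exits 1 when a secret is found, which fails this step and the job;
        # --redact keeps the secret values themselves out of the report and the logs
        run: |
          gitleaks detect --source . --redact \
            --report-format sarif --report-path gitleaks.sarif

      - name: Upload findings to GitHub code scanning
        if: always()            # still runs after the detect step failed on a leak
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: gitleaks.sarif
```

With this layout the job turns red on any finding while the SARIF upload still runs, so the alert appears under the repository's Security tab instead of only in the job log.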

Local setup

Done

This is already configured for you via pre-commit.