Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. Use this tag for questions related to gitleaks.
Questions tagged [gitleaks]
17 questions
9
votes
3 answers
Translate docker run into subcomponents
I have this docker run command:
docker run --rm --name=gitleaks \
-v "/keys/ssh/values:/root/.ssh" \
zricethezav/gitleaks \
--ssh-key='bucket' \
--repo "$line"
I translated it to this:
docker create zricethezav/gitleaks…

Alexander Mills
3
votes
1 answer
Why is my exec command failing but works if the command is passed in the terminal?
For some reason I'm not understanding why I'm having an issue in my exec command and I believe I followed the documentation and examples I've referenced correctly. When I run this command in the terminal I do not have an issue:
gitleaks…

DᴀʀᴛʜVᴀᴅᴇʀ
2
votes
2 answers
Run github action only on last commit
So I'm trying to run gitleaks through github-actions and using in their yaml file.
My goal is to run gitleaks only on the last commit, meaning that if someone gets an error because of leaks in the code, he needs to fix that and just commit again and…

Bernana
2
votes
0 answers
Gitleaks not scanning private repo properly
So I am trying to run gitleaks on my organization's private GitHub page. This is the command I am using for reference:
gitleaks --baseurl=company_url/api/v3/ --org="XXXX" --threads=10 --report="report.csv" --config="gitleaks.toml" --host=Github…

Tom Smith
1
vote
0 answers
gitleaks not working in spring boot project
In my .pre-commit-config.yaml file I have this :
repos:
- repo: https://github.com/zricethezav/gitleaks
rev: v8.17.0
hooks:
- id: gitleaks
args:
- detect
In one of my child project of spring boot application I…

focode
1
vote
1 answer
How to scan a remote repo with gitleaks
I'm trying to scan a remote repo using Gitleaks (https://github.com/gitleaks/gitleaks).
I've read the doc and a couple of examples, showing that you can use --access-token and --repo-url to scan a remote repository but now that I built the sources I…

Quentin_otd
1
vote
1 answer
Gitleak Scan - Avoid previous Commits
My gitleaks scan reports are generating the History of the failure from previous Commits.
I've got those failures fixed. But still the previous histories are appearing in the gitleak scan report in jenkins. Does anyone have any idea on how to avoid…

Samyutha Rj
1
vote
1 answer
I want to apply the regular expression used in gitleaks in secretlint
I am now trying to migrate from gitleaks to a tool called secretlint.
Originally, there was a warning in the generic-api-key rule when executing gitleaks, but after moving to secretlint, the warning no longer occurs.
Specifically, I wrote the…

tom yam
1
vote
0 answers
error: pathspec 'HEAD^2' did not match any file(s) known to git
I'm trying to make Pull Requests to collaborate with an existing repo, so I forked it, then clone it, make the changes, create a branch, add, commit and push, then go to my GitHub to "Compare & Pull Request". Everything looks fine, but then it can't…
0
votes
1 answer
GitLab Secrets Detection - Pipeline doesn't fail - Only checks last commit
In order to implement secrets detector via pipeline on merge requests in my GitLab repository, I followed this document from GitLab here: "Enable Secret Detection | Edit the .gitlab.ci.yml file manually"
But the pipeline doesn't fail if any secrets…

Abdullah Khawer
0
votes
1 answer
Pipeline failure on secret detection - Gitlab
I am trying to implement a gitlab pipeline used to detect secrets on commits before they are pushed, and prevent the commits from going live. The detection part works just fine. However the pipeline always marks the job as successful, even though…
0
votes
1 answer
I am not able to run gitleaks docker image
I am trying to run the gitleaks docker image, but it is not scanning the code and giving me the error. But if I am doing the same by installing gitleaks then it is scanning the entire code.
I am using webgoat as vulnerable code for scanning and…

Mark tad
0
votes
1 answer
GitHub Marketplace SAST tool gitleaks
Hi Github & Gitleak Users,
I wanted to use a SAST tool gitleaks / gitleaks-action which is available on GitHub Marketplace and it fits our requirement.
My concern is,
Since the scanner is going to run on public and private repos of our GitHub…

rgh
0
votes
0 answers
Scanning GitHub repo using Gitleaks
I'm scanning my GitHub repo to find hardcoded passwords in the source code. I'm using Gitleaks for that and running it by docker commands. The size of the repo is 2 Gb. The scan has gone for 14 hours and still going and not showing any progress bar…

Siddharth C
0
votes
1 answer
What is the docker run -r flag
I am looking at this repo:
https://github.com/zricethezav/gitleaks
To run with Docker we'd use
docker run --rm --name=gitleaks zricethezav/gitleaks -v -r https://github.com/zricethezav/gitleaks.git
I am having trouble figuring out what the -r flag…
user5047085