|
|
@@ -26,9 +26,9 @@ const banner = `
|
|
|
const configDescription = `config file path
|
|
|
order of precedence:
|
|
|
1. --config/-c
|
|
|
-2. (--source/-s)/.gitleaks.toml
|
|
|
-if --config/-c is not set and no (--source/s)/.gitleaks.toml is present
|
|
|
-then .gitleaks.toml will be written to (--source/-s)/.gitleaks.toml for future use`
|
|
|
+2. env var GITLEAKS_CONFIG
|
|
|
+3. (--source/-s)/.gitleaks.toml
|
|
|
+If none of the three options are used, then gitleaks will use the default config`
|
|
|
|
|
|
var rootCmd = &cobra.Command{
|
|
|
Use: "gitleaks",
|
|
|
@@ -38,10 +38,10 @@ var rootCmd = &cobra.Command{
|
|
|
func init() {
|
|
|
cobra.OnInitialize(initLog)
|
|
|
rootCmd.PersistentFlags().StringP("config", "c", "", configDescription)
|
|
|
- rootCmd.PersistentFlags().Int("exit-code", 1, "exit code when leaks have been encountered (default: 1)")
|
|
|
+ rootCmd.PersistentFlags().Int("exit-code", 1, "exit code when leaks have been encountered")
|
|
|
rootCmd.PersistentFlags().StringP("source", "s", ".", "path to source (default: $PWD)")
|
|
|
rootCmd.PersistentFlags().StringP("report-path", "r", "", "report file")
|
|
|
- rootCmd.PersistentFlags().StringP("report-format", "f", "", "output format (json, csv, sarif)")
|
|
|
+ rootCmd.PersistentFlags().StringP("report-format", "f", "json", "output format (json, csv, sarif)")
|
|
|
rootCmd.PersistentFlags().StringP("log-level", "l", "info", "log level (debug, info, warn, error, fatal)")
|
|
|
rootCmd.PersistentFlags().BoolP("verbose", "v", false, "show verbose output from scan")
|
|
|
rootCmd.PersistentFlags().Bool("redact", false, "redact secrets from logs and stdout")
|
|
|
@@ -78,7 +78,11 @@ func initConfig() {
|
|
|
}
|
|
|
if cfgPath != "" {
|
|
|
viper.SetConfigFile(cfgPath)
|
|
|
- log.Debug().Msgf("Using gitleaks config %s", cfgPath)
|
|
|
+ log.Debug().Msgf("Using gitleaks config %s from `--config`", cfgPath)
|
|
|
+ } else if os.Getenv("GITLEAKS_CONFIG") != "" {
|
|
|
+ envPath := os.Getenv("GITLEAKS_CONFIG")
|
|
|
+ viper.SetConfigFile(envPath)
|
|
|
+ log.Debug().Msgf("Using gitleaks config from GITLEAKS_CONFIG env var: %s", envPath)
|
|
|
} else {
|
|
|
source, err := rootCmd.Flags().GetString("source")
|
|
|
if err != nil {
|
|
|
@@ -90,7 +94,7 @@ func initConfig() {
|
|
|
}
|
|
|
|
|
|
if !fileInfo.IsDir() {
|
|
|
- log.Debug().Msgf("Unable to write default gitleaks config to %s since --source=%s is a file, using default config",
|
|
|
+ log.Debug().Msgf("Unable to load gitleaks config from %s since --source=%s is a file, using default config",
|
|
|
filepath.Join(source, ".gitleaks.toml"), source)
|
|
|
viper.SetConfigType("toml")
|
|
|
viper.ReadConfig(strings.NewReader(config.DefaultConfig))
|
|
|
@@ -98,15 +102,12 @@ func initConfig() {
|
|
|
}
|
|
|
|
|
|
if _, err := os.Stat(filepath.Join(source, ".gitleaks.toml")); os.IsNotExist(err) {
|
|
|
- log.Debug().Msgf("No gitleaks config found, writing default gitleaks config to %s", filepath.Join(source, ".gitleaks.toml"))
|
|
|
- if err := os.WriteFile(filepath.Join(source, ".gitleaks.toml"), []byte(config.DefaultConfig), os.ModePerm); err != nil {
|
|
|
- log.Debug().Msgf("Unable to write default gitleaks config to %s, using default config", filepath.Join(source, ".gitleaks.toml"))
|
|
|
- viper.SetConfigType("toml")
|
|
|
- viper.ReadConfig(strings.NewReader(config.DefaultConfig))
|
|
|
- return
|
|
|
- }
|
|
|
+ log.Debug().Msgf("No gitleaks config found in path %s, using default gitleaks config", filepath.Join(source, ".gitleaks.toml"))
|
|
|
+ viper.SetConfigType("toml")
|
|
|
+ viper.ReadConfig(strings.NewReader(config.DefaultConfig))
|
|
|
+ return
|
|
|
} else {
|
|
|
- log.Debug().Msgf("Using existing gitleaks config %s", filepath.Join(source, ".gitleaks.toml"))
|
|
|
+ log.Debug().Msgf("Using existing gitleaks config %s from `(--source)/.gitleaks.toml`", filepath.Join(source, ".gitleaks.toml"))
|
|
|
}
|
|
|
|
|
|
viper.AddConfigPath(source)
|
Zachary Rice