Scan files at latest commit (#348)

* Inspect files at latest commit

Added option to scan files at latest commit

* Files at latest commit test

README.md

@@ -67,7 +67,7 @@ Application Options:
       --password=        Password for git repo
       --access-token=    Access token for git repo
       --commit=          sha of commit to audit
-      --files-at-commit= sha of commit to audit all files at commit
+      --files-at-commit= sha of commit to audit all files at commit or "latest" to scan the last commit of the repository
       --threads=         Maximum number of threads gitleaks spawns
       --ssh-key=         path to ssh key used for auth
       --uncommitted      run gitleaks on uncommitted code

audit/audit_test.go

@@ -243,6 +243,16 @@ func TestAudit(t *testing.T) {
 			},
 			wantPath: "../test_data/test_local_repo_five_files_at_commit.json",
 		},
+		{
+			description: "test local repo five files at latest commit",
+			opts: options.Options{
+				RepoPath:      "../test_data/test_repos/test_repo_5",
+				Report:        "../test_data/test_local_repo_five_files_at_latest_commit.json.got",
+				FilesAtCommit: "latest",
+				ReportFormat:  "json",
+			},
+			wantPath: "../test_data/test_local_repo_five_files_at_commit.json",
+		},
 		{
 			description: "test local repo five at commit",
 			opts: options.Options{

audit/repo.go

@@ -224,6 +224,15 @@ func (repo *Repo) Audit() error {
 	if repo.Manager.Opts.Commit != "" {
 		return inspectCommit(repo.Manager.Opts.Commit, repo, inspectCommitPatches)
 	} else if repo.Manager.Opts.FilesAtCommit != "" {
+		if repo.Manager.Opts.FilesAtCommit == "latest" {
+			// Getting the latest commit on the current branch
+			// ... retrieving the branch being pointed by HEAD
+			ref, err := repo.Repository.Head()
+			if err != nil {
+				return err
+			}
+			return inspectCommit(ref.Hash().String(), repo, inspectFilesAtCommit)
+		}
 		return inspectCommit(repo.Manager.Opts.FilesAtCommit, repo, inspectFilesAtCommit)
 	}