Почетна Преглед Помоћ
Пријавите се
LBP
/
gitleaks
огледало од https://github.com/gitleaks/gitleaks.git
4
0
Креирај огранак 0
Датотеке Дискусије 0 Вики

Нема описа

Дрво: 2810eccc82
Гране Ознаке
gitleaks
ZIP TAR.GZ
Zachary Rice 2810eccc82 Merge pull request #329 from zricethezav/bug/commit-scan пре 6 година
.github cdd654eab7 pr template пре 6 година
audit d13e0fdfde adding more tests пре 6 година
config ce95cafd54 fixing modules, adding v3 in path пре 6 година
examples 3211cfbbb1 fixing a bug, adding csv report option and leak caching пре 6 година
hosts ce95cafd54 fixing modules, adding v3 in path пре 6 година
manager ce95cafd54 fixing modules, adding v3 in path пре 6 година
options 5a300c3c64 fixing --commit bug, adding --files-at-commit option пре 6 година
test_data baff419091 removing hooks пре 6 година
version e446ba0738 fixing all golint and adding some more tests пре 6 година
.gitignore ce95cafd54 fixing modules, adding v3 in path пре 6 година
.travis.yml 8ef16d9efb Bump golang to v1.13.4 пре 6 година
Dockerfile 4f0c9dcede adding docker push support again to Make and fixed a go vet nit пре 6 година
LICENSE 274e8212a6 adding license пре 6 година
Makefile 7b48cadf6d fixing version loading in makefile пре 6 година
README.md 6eab8a7a0a Update README.md пре 6 година
go.mod ce95cafd54 fixing modules, adding v3 in path пре 6 година
go.sum a0f72a4e35 Adding commit range feature via 'commit-to' and 'commit-from' options пре 6 година
main.go ce95cafd54 fixing modules, adding v3 in path пре 6 година

README.md

Gitleaks

Travis

Audit git repos for secrets. Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git repositories. As part of its core functionality, it provides:

  • Audits for uncommitted changes
  • Github and Gitlab support including support for bulk organization and repository owner (user) repository scans, as well as pull/merge request scanning for use in common CI workflows.
  • Support for private repository scans, and repositories that require key based authentication
  • Output in JSON formats for consumption in other reporting tools and frameworks
  • Externalised configuration for environment specific customisation including regex rules
  • High performance through the use of src-d's go-git framework
repo scan

pre commit scan

Getting Started

Written in Go, gitleaks is available in binary form for many popular platforms and OS types from the releases page. Alternatively, executed via Docker or it can be installed using Go directly, as per the below;

MacOS

brew install gitleaks

Docker

docker pull zricethezav/gitleaks

Go

Ensure GO111MODULE=on is set as an env var

go get github.com/zricethezav/gitleaks/v3@latest

Usage

gitleaks has a wide range of configuration options that can be adjusted at runtime or via a configuration file based on your specific requirements.

Usage:
  gitleaks [OPTIONS]

Application Options:
  -v, --verbose        Show verbose output from audit
  -r, --repo=          Target repository
      --config=        config path
      --disk           Clones repo(s) to disk
      --version        version number
      --username=      Username for git repo
      --password=      Password for git repo
      --access-token=  Access token for git repo
      --commit=        sha of commit to audit
      --threads=       Maximum number of threads gitleaks spawns
      --ssh-key=       path to ssh key used for auth
      --uncommitted    run gitleaks on uncommitted code
      --repo-path=     Path to repo
      --owner-path=    Path to owner directory (repos discovered)
      --branch=        Branch to audit
      --report=        path to write json leaks file
      --report-format= json or csv (default: json)
      --redact         redact secrets from log messages and leaks
      --debug          log debug messages
      --repo-config    Load config from target repo. Config file must be ".gitleaks.toml" or "gitleaks.toml"
      --pretty         Pretty print json if leaks are present
      --commit-from=   Commit to start audit from
      --commit-to=     Commit to stop audit
      --timeout=       Time allowed per audit. Ex: 10us, 30s, 1m, 1h10m1s
      --depth=         Number of commits to audit

      --host=          git hosting service like gitlab or github. Supported hosts include: Github, Gitlab
      --baseurl=       Base URL for API requests. Defaults to the public GitLab or GitHub API, but can be set to a domain endpoint to use with a self hosted server.
      --org=           organization to audit
      --user=          user to audit
      --pr=            pull/merge request url
      --exclude-forks  audit excludes forks

Help Options:
  -h, --help           Show this help message

Docker usage examples

Run gitleaks against:

Public repository
docker run --rm --name=gitleaks zricethezav/gitleaks -v -r https://github.com/zricethezav/gitleaks.git
Local repository already cloned into /tmp/
docker run --rm --name=gitleaks -v /tmp/:/code/ zricethezav/gitleaks -v --repo-path=/code/gitleaks

By default repos cloned to memory. Using --disk for clone to disk or you can quickly out of memory.

For speed up analyze operation using --threads parameter, which set to ALL - 1 threads at your instance CPU.

Exit Codes

Gitleaks provides consistent exist codes to assist in automation workflows such as CICD platforms and bulk scanning.

0: no leaks
1: leaks present
2: error encountered

Give Thanks

If using gitleaks has made your job easier consider sponsoring me through github's sponsorship program or donating to one of Sam's favorite places, the Japan House on the University of Illinois at Urbana-Champaign's campus: https://japanhouse.illinois.edu/make-a-gift