No description

Zachary Rice c50906373c update to V7 (#469) 5 years ago
.github 4181ede6cd Update FUNDING.yml 6 years ago
config c50906373c update to V7 (#469) 5 years ago
examples c50906373c update to V7 (#469) 5 years ago
options c50906373c update to V7 (#469) 5 years ago
report c50906373c update to V7 (#469) 5 years ago
scan c50906373c update to V7 (#469) 5 years ago
test_data c50906373c update to V7 (#469) 5 years ago
version e446ba0738 fixing all golint and adding some more tests 6 years ago
.gitignore ce95cafd54 fixing modules, adding v3 in path 6 years ago
.travis.yml 6ca7a11d88 Add line number to report plus some other things (#409) 5 years ago
Dockerfile c50906373c update to V7 (#469) 5 years ago
LICENSE 274e8212a6 adding license 6 years ago
Makefile c50906373c update to V7 (#469) 5 years ago
README.md c50906373c update to V7 (#469) 5 years ago
go.mod c50906373c update to V7 (#469) 5 years ago
go.sum c50906373c update to V7 (#469) 5 years ago
main.go c50906373c update to V7 (#469) 5 years ago

README.md

gitleaks

Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks aims to be the easy-to-use, all-in-one solution for finding secrets, past or present, in your code.

Features:

  • Scan for committed secrets
  • Scan for uncommitted secrets as part of shifting security left
  • Scan entire directories and files
  • GitHub Action available
  • Custom rules via TOML configuration
  • High performance using go-git
  • JSON, SARIF, and CSV reporting
  • Private repo scans using key or password based authentication

Installation

Written in Go, gitleaks is available in binary form for many popular platforms and OS types from the releases page. Alternatively, it can be run via Docker or installed using Go directly.

MacOS
brew install gitleaks
Docker
docker pull zricethezav/gitleaks
Go
GO111MODULE=on go get github.com/zricethezav/gitleaks/v6

Usage

Usage:
  gitleaks [OPTIONS]

Application Options:
  -v, --verbose           Show verbose output from scan
  -r, --repo-url=         Repository URL
  -p, --path=             Path to directory (repo if contains .git) or file
  -c, --config-path=      Path to config
      --repo-config-path= Path to gitleaks config relative to repo root
      --clone-path=       Path to clone repo to disk
      --clone-cleanup=    Deletes cloned repo after scan
      --version           Version number
      --username=         Username for git repo
      --password=         Password for git repo
      --access-token=     Access token for git repo
      --threads=          Maximum number of threads gitleaks spawns
      --ssh-key=          Path to ssh key used for auth
      --unstaged          Run gitleaks on unstaged code
      --branch=           Branch to scan
      --redact            Redact secrets from log messages and leaks
      --debug             Log debug messages
      --no-git            Treat git repos as plain directories and scan those
                          files
  -o, --report=           Report output path
  -f, --format=           JSON, CSV, SARIF (default: json)
      --files-at-commit=  Sha of commit to scan all files at commit
      --commit=           Sha of commit to scan or "latest" to scan the last
                          commit of the repository
      --commits=          Comma separated list of a commits to scan
      --commits-file=     Path to file of line separated list of commits to scan
      --commit-from=      Commit to start scan from
      --commit-to=        Commit to stop scan
      --commit-since=     Scan commits more recent than a specific date. Ex:
                          '2006-01-02' or '2006-01-02T15:04:05-0700' format.
      --commit-until=     Scan commits older than a specific date. Ex:
                          '2006-01-02' or '2006-01-02T15:04:05-0700' format.
      --depth=            Number of commits to scan

Help Options:
  -h, --help              Show this help message
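
One way to combine the options above into a local gate for uncommitted changes, as an added example that is not part of the gitleaks README. It assumes gitleaks exits 0 when the scan reports nothing and non-zero otherwise; `scan_worktree` and `GITLEAKS_BIN` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the gitleaks repository.
# Assumption: gitleaks exits 0 when the scan reports nothing and non-zero
# when it reports leaks or fails.
# GITLEAKS_BIN and scan_worktree are hypothetical names.

GITLEAKS_BIN="${GITLEAKS_BIN:-gitleaks}"

# scan_worktree DIR [REPORT]
#   0 = scan ran and reported nothing
#   1 = scan reported leaks or failed (treat as "do not commit")
#   2 = scan could not be started (missing binary or directory)
scan_worktree() {
    dir="$1"
    report="${2:-}"

    # Fail closed: a missing scanner must not look like a clean result.
    if ! command -v "$GITLEAKS_BIN" >/dev/null 2>&1; then
        echo "scan_worktree: '$GITLEAKS_BIN' not found" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "scan_worktree: '$dir' is not a directory" >&2
        return 2
    fi

    # --unstaged scans code that is not committed yet; --redact keeps the
    # matched secret out of log messages and the reported leaks.
    set -- --path="$dir" --unstaged --redact --verbose
    if [ -n "$report" ]; then
        set -- "$@" --report="$report" --format=json
    fi

    if "$GITLEAKS_BIN" "$@"; then
        return 0
    fi
    echo "scan_worktree: gitleaks reported leaks or failed" >&2
    return 1
}
```

Call `scan_worktree . report.json` from a hook or CI step and stop the commit or job on any non-zero return.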

Sponsors ❤️

Corporate Sponsors

gammanet

Gamma proactively detects and remediates data leaks across cloud apps. Scan your public repos for secret leaks with Gamma.

Individual Sponsors

These users are sponsors of gitleaks:

Adam Shannon

Logo Attribution

The Gitleaks logo uses the Git Logo created by Jason Long, which is licensed under the Creative Commons Attribution 3.0 Unported License.