- Comparatively fast when scanning large repos (it is a compiled Go binary)
- Runs on every platform that Go supports.
- Users can add custom regexes to detect more kinds of secrets
- Allows whitelisting of detected secrets / false positives
- Allows auditing of GitLab and GitHub repos, groups and orgs.
There is an article by Cyber Defence Lab on how to add Gitleaks to a GitLab pipeline, but the CI pipeline it describes is not quite optimised. In this experiment, I will show you how to implement gitleaks in a GitLab CI pipeline.
Setting up gitleaks on GitLab CI
Gitleaks is available as a Docker image, so we can use it directly in our GitLab CI config. By default Gitleaks scans all commits in the repo; it can be optimised to scan only the new commits that were just pushed to a particular branch.
stages:
  - secrets-detection

gitleaks:
  stage: secrets-detection
  image:
    name: "zricethezav/gitleaks"
    entrypoint: [""]
  script:
    - gitleaks -v --pretty --repo-path . --commit-from=$CI_COMMIT_SHA --commit-to=$CI_COMMIT_BEFORE_SHA --branch=$CI_COMMIT_BRANCH
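As an added example (not from the original post or the Gitleaks project), a small shell wrapper for that script line that handles the two cases where the range above breaks: a first push to a new branch, where GitLab sets $CI_COMMIT_BEFORE_SHA to the all-zero SHA, and merge-request pipelines, where $CI_COMMIT_BRANCH is unset. It assumes a `--commit=<sha>` flag exists in the same gitleaks release as the `--commit-from`/`--commit-to` flags used on the page.

```shell
#!/bin/sh
# Added example: build the gitleaks commit-range flags for a GitLab CI job.
# On the first push of a branch GitLab reports CI_COMMIT_BEFORE_SHA as forty
# zeros, so --commit-to would point at a commit that does not exist.
set -eu

ZERO_SHA="0000000000000000000000000000000000000000"

# gitleaks_range NEW_SHA BEFORE_SHA
# Prints the range flags for gitleaks on one line (no trailing newline).
gitleaks_range() {
  new_sha="$1"
  before_sha="$2"
  if [ -z "$before_sha" ] || [ "$before_sha" = "$ZERO_SHA" ]; then
    # No usable "before" commit: fall back to scanning only the pushed commit
    # (assumes the --commit flag is available in this gitleaks release).
    printf '%s' "--commit=$new_sha"
  else
    # Same ordering as the page: newest commit first, stop at the old tip.
    printf '%s' "--commit-from=$new_sha --commit-to=$before_sha"
  fi
}

# run_scan: the CI job's actual command, assembled from the range above.
# Only meaningful inside the GitLab job, where gitleaks is on PATH.
run_scan() {
  range=$(gitleaks_range "${CI_COMMIT_SHA:?}" "${CI_COMMIT_BEFORE_SHA:-}")
  branch_flag=""
  if [ -n "${CI_COMMIT_BRANCH:-}" ]; then
    # Merge-request pipelines do not set CI_COMMIT_BRANCH; omit the flag then.
    branch_flag="--branch=$CI_COMMIT_BRANCH"
  fi
  # $range and $branch_flag are intentionally unquoted so they split into flags.
  gitleaks -v --pretty --repo-path . $range $branch_flag
}

# Run the scan only when executing inside a GitLab CI job.
if [ "${GITLAB_CI:-}" = "true" ]; then
  run_scan
fi
```

In the job, replace the one-line `script:` entry with `- sh scan.sh` (or paste the functions into `script:` directly) so the job still fails on a leak but no longer errors on a brand-new branch.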