Published by zricethezav over 2 years ago
name so this action can be published on the marketplace
Published by zricethezav over 2 years ago
GITLEAKS_ENABLE_SUMMARY: env var option to enable or disable Gitleaks-action job summaries (defaults to true)
GITLEAKS_ENABLE_UPLOAD_ARTIFACT: env var option to enable or disable Gitleaks-action job artifact uploads (defaults to true)
Published by zricethezav over 2 years ago
Gitleaks-Action Version 2 brings a range of new features including:
You can now use workflow_dispatch events to trigger on-demand gitleaks scans.
Not much more to say here. Download reports when leaks are present. Pretty useful feature.
The latest version of gitleaks (v8.8.6 at the time of writing) has better performance, more configuration options, and is more accurate than the previous major version.
Easy to understand report of a Gitleaks job. If no leaks are detected you'll see:
If leaks are detected you'll see something like:
Gitleaks-Action Version 2 does not rely on Docker build anymore.
If a leak is encountered during a pull request, gitleaks-action will comment on the line number and commit containing the secret.
git log to determine the range of commits. Version 2 of gitleaks-action ensures that only relevant commits are scanned by leveraging Action context and GitHub's API.
Before enabling Gitleaks-Action Version 2, you will need to obtain a gitleaks-action license key from gitleaks.io if you are using gitleaks within the context of an organization. If you are using gitleaks-action on a user account's repo, you do not need a license key. You can sign up for a free license key that will grant you access to use gitleaks-action on one repo. The free tier sign-up link will take you to a Google Forms page where you can fill out your information. After filling out your information, you should receive an email similar to the one below.
NOTE: be patient with the free tier; the Google Forms API can be slow.
NOTE: 1 free license per account.
If you would like access to more repos for your organization or personal account, you can subscribe to one of the paid tiers which will grant you access to use Gitleaks-Action Version 2 on 10, 100, or 1000 repos.
GITLEAKS_LICENSE secret
After getting a license key, head over to your GitHub organization's or repo's settings and set GITLEAKS_LICENSE as a secret. Great! You can now run gitleaks-action v2:
name: gitleaks
on: [pull_request, push, workflow_dispatch]
jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: zricethezav/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
Published by zricethezav over 3 years ago
Floating v1.0 release
Published by zricethezav over 3 years ago
Published by zricethezav over 3 years ago
Updated version of Gitleaks to v7.3.0 in Dockerfile
Published by zricethezav over 3 years ago
Published by zricethezav over 3 years ago
Published by zricethezav almost 4 years ago
Published by zricethezav about 4 years ago
Removing rm so we get the right exit code
Published by zricethezav about 4 years ago
Use --commits-file instead of commit-from and commit-to
Published by zricethezav over 4 years ago
Fixing typo
Published by zricethezav over 4 years ago
Removing test echo
Published by zricethezav over 4 years ago
Publishing gitleaks action to the marketplace
Published by zricethezav over 4 years ago