custom rules
Create a GitHub Action for your repo in .github/workflows/.gitleaks.yml:
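name: gitleaks
on: [push, pull_request]
jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          # shallow clone: only the most recent commit is fetched
          fetch-depth: '1'
      # download the shared rule set into the workspace as .gitleaks.toml
      - name: wget
        uses: wei/wget@v1
        with:
          args: -O .gitleaks.toml https://raw.githubusercontent.com/ycjcl868/gitleaks/master/.gitleaks.toml
      # @master follows a moving branch; pin a tag or commit SHA for reproducible runs
      - name: gitleaks-action
        uses: zricethezav/gitleaks-action@master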
About fetch-depth
:
Create a .gitleaks.toml in the root of your repo directory.
name: gitleaks
on: [push, pull_request]
jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: '1'
      - name: gitleaks-action
        uses: zricethezav/gitleaks-action@master
Add rules in .gitleaks.toml and add test cases in package-lock.json.
The content of package-lock.json:
{
  // This is the description in .gitleaks.toml
  "Github Token": {
    // test case string <=> expected value
    "a3k2k3k3k3k3k3k3k3k3k3k3k33232k12ksk": true,
    "a3k2k3k3k3k3k3k3k3k3k3k3k3k12k1": false
  }
}
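A minimal regression check for the test-case layout above, as an added example that is not code from this repository: each rule description maps sample strings to whether the rule should match them. The names `RULES`, `CASES`, `load_cases` and `check_rules` are hypothetical, the rule and samples are constructed, and Python's `re` stands in for the Go regexp engine gitleaks uses.

```python
import json
import re

# Constructed stand-in for the [[rules]] entries of a .gitleaks.toml:
# description -> regex.
RULES = {
    "Example Token": r"\bexk_[0-9a-f]{16}\b",
}

# Constructed test-case file in the layout shown above, // comments included.
CASES = """
{
  // rule description
  "Example Token": {
    // test string <=> expected match
    "token = exk_0123456789abcdef": true,
    "see https://example.com/exk_0123": false
  },
  "Unknown Rule": {
    "anything": true
  }
}
"""

def load_cases(text):
    """Parse the test-case file, dropping whole-line // comments only,
    so a '//' inside a sample string (a URL, say) is left intact."""
    kept = [ln for ln in text.splitlines() if not ln.lstrip().startswith("//")]
    return json.loads("\n".join(kept))

def check_rules(rules, cases):
    """Return (description, sample, problem) for every failed case."""
    failures = []
    for description, samples in cases.items():
        pattern = rules.get(description)
        if pattern is None:
            # A test block whose description matches no rule would otherwise pass silently.
            failures.append((description, None, "no rule with this description"))
            continue
        compiled = re.compile(pattern)
        for sample, expected in samples.items():
            matched = compiled.search(sample) is not None
            if matched != expected:
                failures.append((description, sample, f"expected {expected}, got {matched}"))
    return failures

if __name__ == "__main__":
    for failure in check_rules(RULES, load_cases(CASES)):
        print("FAIL:", failure)
```

Keeping at least one `false` case per rule catches a regex that has been loosened until it matches everything.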