
Chore: [AEA-0000] - use gitleaks for secret scanning#143

Merged: anthony-nhs merged 1 commit into main from gitleaks (Apr 17, 2026)

Conversation

@anthony-nhs (Contributor)

use gitleaks for secret scanning

Copilot AI review requested due to automatic review settings April 17, 2026 10:31

Copilot AI left a comment


Pull request overview

This PR aims to migrate local secret-scanning to gitleaks by updating the repository’s pre-commit hooks, as part of the repo’s developer tooling and security checks.

Changes:

  • Replaces the local pre-commit git-secrets hook with a gitleaks hook.
  • Removes the .gitallowed allowlist file previously used with git-secrets.
  • Applies minor YAML formatting changes to some hook args/types_or lists.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
.pre-commit-config.yaml Updates local pre-commit configuration to run gitleaks instead of git-secrets for secret scanning.
.gitallowed Removes the git-secrets allowlist file from the repo.

Comment thread .pre-commit-config.yaml
Comment on lines +50 to +55
description: gitleaks scans commits, commit messages, and --no-ff merges to
prevent adding secrets into your git repositories.
entry: bash
args:
- -c
- "git-secrets --pre_commit_hook"
- "gitleaks git --pre-commit --redact --staged --verbose"
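Review bot: with `entry: bash` and `args: [-c, "gitleaks git --pre-commit --redact --staged --verbose"]`, pre-commit still appends the staged file names to the command line, so they arrive as positional parameters (`$0`, `$1`, ...) of `bash -c` and are silently ignored; the scan works only because `--staged` makes gitleaks read the index itself. Add `pass_filenames: false` to the hook so that behaviour is explicit, and consider dropping the `bash -c` wrapper altogether: `entry: gitleaks git --pre-commit --redact --staged --verbose` with no `args` does the same thing with one fewer process and no shell parsing of the command string.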

Copilot AI Apr 17, 2026


The gitleaks hook description looks like it was copied from the previous git-secrets hook (mentions scanning commit messages and --no-ff merges). With the current command (gitleaks ... --staged), it’s describing different behavior, which can confuse contributors. Please update the description to match what this hook actually scans and how it’s intended to be used in this repo.

Comment thread .pre-commit-config.yaml
Comment on lines +48 to 56
- id: gitleaks
name: Git Leaks
description: gitleaks scans commits, commit messages, and --no-ff merges to
prevent adding secrets into your git repositories.
entry: bash
args:
- -c
- "git-secrets --pre_commit_hook"
- "gitleaks git --pre-commit --redact --staged --verbose"
language: system
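Review bot: `language: system` on the last line means every contributor must already have a `gitleaks` binary on PATH, and nothing in this hook pins which version, so two machines (or a machine and the devcontainer) can disagree about what is a finding. The upstream hook (`repo: https://github.com/gitleaks/gitleaks` with a pinned `rev:` and `id: gitleaks`) lets pre-commit build a fixed version instead; if `language: system` is kept, document the required version and add an install step to the devcontainer. Separately, this PR deletes `.gitallowed` without adding a gitleaks equivalent: any fixture paths or example keys that file allowed need an `[allowlist]` (`paths` / `regexes`) in a `.gitleaks.toml` at the repo root, otherwise the first commit touching those files will be blocked by the new hook.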

Copilot AI Apr 17, 2026


This PR switches the local pre-commit secret scan from git-secrets to gitleaks, and also removes the repo’s .gitallowed allowlist. However, the repository still appears to run git-secrets-based scanning in CI (e.g. quality-checks-devcontainer.yml runs git-secrets / make secret-scan). That mismatch makes the change incomplete and could cause CI failures or different secret-scanning results between local and CI (especially now that .gitallowed is gone). Please align CI and local secret scanning to the same tool (migrate CI to gitleaks too, or keep git-secrets/allowlist until CI is updated).

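One way the local and CI scans could be put on the same tool, as an added example that is not part of this PR and not the repository's own files: a `.pre-commit-config.yaml` that uses the upstream gitleaks hook instead of a `bash -c` wrapper around a system binary, followed by a workflow fragment that runs the same scanner in place of the git-secrets / `make secret-scan` step. The pinned versions (`vX.Y.Z`, `@v4`, `@v2`), the job name and layout, and the optional `GITLEAKS_LICENSE` secret are assumptions to adjust for the repo.

```yaml
# Added example, not the repository's configuration. Two YAML documents follow,
# separated by '---': the pre-commit config, then a CI workflow fragment.
# Assumptions: the pinned versions (vX.Y.Z, v4, v2) and the job layout.

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: vX.Y.Z          # assumption: pin to a released gitleaks tag
    hooks:
      - id: gitleaks     # upstream hook: scans the staged changes and is built
                         # by pre-commit at the pinned version, rather than using
                         # whatever `gitleaks` happens to be on the contributor's PATH
---
# .github/workflows/quality-checks-devcontainer.yml (fragment): replaces the
# git-secrets / `make secret-scan` step with the same scanner the hook uses.
jobs:
  secret-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0            # full history so the whole PR range is scanned
      - name: gitleaks (same scanner and config as the pre-commit hook)
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # assumption: only organisation-owned repos need a licence key
          # GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
```

Both the hook and the action read a `.gitleaks.toml` at the repository root, so the entries that `.gitallowed` used to carry (fixture paths, documented example keys) belong in that file's `[allowlist]` section as `paths` and `regexes` patterns; that is what keeps local and CI results identical once the git-secrets allowlist is gone.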
@sonarqubecloud

@anthony-nhs anthony-nhs merged commit bda627e into main Apr 17, 2026
15 checks passed
