-
Notifications
You must be signed in to change notification settings - Fork 0
Chore: [AEA-0000] - use gitleaks for secret scanning #143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
This file was deleted.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,7 +20,7 @@ repos: | |
| - id: grype-scan-local | ||
| name: Grype scan local changes | ||
| entry: make | ||
| args: ["grype-scan-local"] | ||
| args: [ "grype-scan-local" ] | ||
| language: system | ||
| pass_filenames: false | ||
| always_run: true | ||
|
|
@@ -45,30 +45,31 @@ repos: | |
| pass_filenames: false | ||
| always_run: true | ||
|
|
||
| - id: git-secrets | ||
| name: Git Secrets | ||
| description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories. | ||
| - id: gitleaks | ||
| name: Git Leaks | ||
| description: gitleaks scans commits, commit messages, and --no-ff merges to | ||
| prevent adding secrets into your git repositories. | ||
| entry: bash | ||
| args: | ||
| - -c | ||
| - "git-secrets --pre_commit_hook" | ||
| - "gitleaks git --pre-commit --redact --staged --verbose" | ||
| language: system | ||
|
Comment on lines
+48
to
56
|
||
|
|
||
| - id: lint-githubactions | ||
| name: Lint github actions | ||
| entry: make | ||
| args: ["lint-githubactions"] | ||
| args: [ "lint-githubactions" ] | ||
| language: system | ||
| files: ^.github | ||
| types_or: [yaml] | ||
| types_or: [ yaml ] | ||
| pass_filenames: false | ||
|
|
||
| - id: lint-githubaction-scripts | ||
| name: Lint github action scripts | ||
| entry: make | ||
| args: ["lint-githubaction-scripts"] | ||
| args: [ "lint-githubaction-scripts" ] | ||
| language: system | ||
| files: ^.github/scripts | ||
| types_or: [sh, shell] | ||
| types_or: [ sh, shell ] | ||
| pass_filenames: false | ||
| fail_fast: true | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The gitleaks hook description looks like it was copied from the previous git-secrets hook (mentions scanning commit messages and
--no-ffmerges). With the current command (gitleaks ... --staged), it’s describing different behavior, which can confuse contributors. Please update the description to match what this hook actually scans and how it’s intended to be used in this repo.