
Chore: [AEA-0000] - use gitleaks for secret scanning#3

Merged
anthony-nhs merged 1 commit into main from gitleaks, Apr 17, 2026

Conversation

@anthony-nhs (Collaborator)

use gitleaks for secret scanning

Copilot AI review requested due to automatic review settings April 17, 2026 10:48

Copilot AI left a comment


Pull request overview

Updates pre-commit secret scanning to use gitleaks instead of git-secrets.

Changes:

  • Replace the local git-secrets pre-commit hook with a gitleaks hook invocation.
  • Remove the .gitallowed allowlist file that was used with git-secrets.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

Files reviewed:

  • .pre-commit-config.yaml: Swaps the secret-scanning hook to run gitleaks during pre-commit.
  • .gitallowed: Removes the git-secrets allowlist file now that git-secrets is no longer used.


Comment thread .pre-commit-config.yaml
- -c
- 'git-secrets --pre_commit_hook'
- "gitleaks git --pre-commit --redact --staged --verbose"
language: system
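Review bot: keep --redact in the new entry. With --verbose gitleaks prints every finding, and without --redact the matched secret value itself would be echoed into the developer's terminal and into any CI log where this hook runs. Note also that --staged limits the scan to the content being committed, so nothing already in history is covered by this hook; when switching away from git-secrets it is worth running one full-history scan (gitleaks git without --staged), especially since the .gitallowed exceptions removed in this PR no longer apply and any findings they were masking will not be surfaced by the pre-commit hook alone.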

Copilot AI Apr 17, 2026


pass_filenames is omitted for this local hook. Since the command already determines what to scan via --staged (and all other local hooks in this file set pass_filenames: false), pre-commit will append a potentially large list of filenames to the bash -c invocation, which can hit OS arg length limits and is unnecessary. Add pass_filenames: false to this hook for consistency and to avoid oversized command lines.

Suggested change
language: system
language: system
pass_filenames: false

Comment thread .pre-commit-config.yaml
description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
- id: gitleaks
name: Git Leaks
description: gitleaks scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.

Copilot AI Apr 17, 2026


The hook description appears to be carried over from git-secrets (mentions scanning commit messages and --no-ff merges). Gitleaks’ pre-commit integration generally scans content (e.g., staged changes), not commit messages, so this description is misleading; update it to accurately reflect what this hook actually checks.

Suggested change
description: gitleaks scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
description: gitleaks scans staged changes for secrets before they are committed to the repository.

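For reference, the complete local hook entry as it reads with both review suggestions above applied (pass_filenames: false and the corrected description). This is an added example, not the PR's own .pre-commit-config.yaml; the `entry: bash` line and the `args:` key are assumed from the `- -c` list item visible in the hunk, and the surrounding `repos:` / `repo: local` scaffolding is assumed standard pre-commit layout.

```yaml
# Assumed pre-commit layout; only the hook body is taken from the PR hunk.
repos:
  - repo: local
    hooks:
      - id: gitleaks
        name: Git Leaks
        # Corrected description: this hook scans staged content, not commit
        # messages or merges (that wording was carried over from git-secrets).
        description: gitleaks scans staged changes for secrets before they are committed to the repository.
        entry: bash            # assumed: the hunk shows "bash -c" style args
        args:
          - -c
          # --staged   : scan only the index (what this commit will contain)
          # --pre-commit: hook-oriented mode, exits non-zero on findings
          # --redact   : mask matched secret values in output so they do not
          #              land in terminal scrollback or CI logs
          # --verbose  : report each finding (file, rule, line) for the author
          - "gitleaks git --pre-commit --redact --staged --verbose"
        language: system
        # The command decides what to scan via --staged, so pre-commit must not
        # append the list of staged filenames to the "bash -c" invocation.
        # Without this, a large commit can exceed the OS argument-length limit.
        pass_filenames: false
```

Allowlisting of known false positives that previously lived in .gitallowed is not handled by this hook entry; gitleaks takes its exceptions from its own configuration file, which this PR does not add.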
anthony-nhs merged commit 366f26d into main, Apr 17, 2026
13 checks passed
anthony-nhs deleted the gitleaks branch, April 17, 2026 11:04
