{"id":22924219,"url":"https://github.com/dariuszporowski/github-action-gitleaks","last_synced_at":"2025-08-10T00:07:44.077Z","repository":{"id":38297991,"uuid":"422702014","full_name":"DariuszPorowski/github-action-gitleaks","owner":"DariuszPorowski","description":"This GitHub Action allows you to run Gitleaks in your GitHub workflow.","archived":false,"fork":false,"pushed_at":"2025-03-12T03:14:33.000Z","size":103,"stargazers_count":21,"open_issues_count":4,"forks_count":10,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-23T18:33:06.519Z","etag":null,"topics":["devsecops","github-actions","gitleaks","sast","secrets","secrets-detection","secrets-management","secrets-scan","secrets-scanner","security-scan","security-scanner","static-code-analysis"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DariuszPorowski.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-10-29T20:14:51.000Z","updated_at":"2025-03-12T03:07:44.000Z","dependencies_parsed_at":"2023-11-14T08:38:24.912Z","dependency_job_id":"b8ad9227-378f-4b2f-b34c-9d9447589444","html_url":"https://github.com/DariuszPorowski/github-action-gitleaks","commit_stats":{"total_commits":25,"total_committers":4,"mean_commits":6.25,"dds":"0.19999999999999996","last_synced_commit":"88923d91d6bf1a8262c3fc50812a93ef840b1bc5"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/DariuszPorowski/github-action-gitleaks","repository_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DariuszPorowski%2Fgithub-action-gitleaks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DariuszPorowski%2Fgithub-action-gitleaks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DariuszPorowski%2Fgithub-action-gitleaks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DariuszPorowski%2Fgithub-action-gitleaks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DariuszPorowski","download_url":"https://codeload.github.com/DariuszPorowski/github-action-gitleaks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DariuszPorowski%2Fgithub-action-gitleaks/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269655001,"owners_count":24454357,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-09T02:00:10.424Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","github-actions","gitleaks","sast","secrets","secrets-detection","secrets-management","secrets-scan","secrets-scanner","security-scan","security-scanner","static-code-analysis"],"created_at":"2024-12-14T08:20:05.646Z","updated_at":"2025-08-10T00:07:44.045Z","avatar_url":"https://github.com/DariuszPorowski.png","language":"Shell","funding_links":[],"categories":[],"sub_ca
tegories":[],"readme":"# GitHub Action for Gitleaks\n\n[![GitHub - marketplace](https://img.shields.io/badge/marketplace-gitleaks--scanner-blue?logo=github\u0026style=flat-square)](https://github.com/marketplace/actions/gitleaks-scanner)\n[![GitHub - release](https://img.shields.io/github/v/release/DariuszPorowski/github-action-gitleaks?style=flat-square)](https://github.com/DariuszPorowski/github-action-gitleaks/releases/latest)\n[![GitHub - license](https://img.shields.io/github/license/DariuszPorowski/github-action-gitleaks?style=flat-square)](https://github.com/DariuszPorowski/github-action-gitleaks/blob/main/LICENSE)\n\nThis GitHub Action allows you to run [Gitleaks](https://github.com/gitleaks/gitleaks) in your CI/CD workflow.\n\n\u003e ⚠️ `v2` of this GitHub Action supports only the latest version of Gitleaks from the v8 release.\n\n## Inputs\n\n| Name             | Required |  Type  | Default value                   | Description                                                                      |\n|------------------|:--------:|:------:|---------------------------------|----------------------------------------------------------------------------------|\n| source           |  false   | string | $GITHUB_WORKSPACE               | Path to source (relative to $GITHUB_WORKSPACE)                                   |\n| config           |  false   | string | /.gitleaks/UDMSecretChecks.toml | Config file path (relative to $GITHUB_WORKSPACE)                                 |\n| baseline_path    |  false   | string | *not set*                       | Path to baseline with issues that can be ignored (relative to $GITHUB_WORKSPACE) |\n| report_format    |  false   | string | json                            | Report file format: json, csv, sarif                                             |\n| no_git           |  false   |  bool  | *not set*                       | Treat git repos as plain directories and scan those files                        |\n| redact           |  
false   |  bool  | true                            | Redact secrets from log messages and leaks                                       |\n| fail             |  false   |  bool  | true                            | Fail if secrets are found                                                        |\n| verbose          |  false   |  bool  | true                            | Show verbose output from scan                                                    |\n| log_level        |  false   | string | info                            | Log level (trace, debug, info, warn, error, fatal)                               |\n| exit_code        |  false   |  int   | 1                               | Exit code when leaks have been encountered                                       |\n| log_opts         |  false   | string | *not set*                       | Git log options passed to the scan                                               |\n| max_decode_depth |  false   |  int   | 0                               | Allow recursive decoding up to this depth (default \"0\", no decoding is done)     |\n| follow_symlinks  |  false   |  bool  | false                           | Scan files that are symlinks to other files                                      |\n\n\u003e ⚠️ The action ships with a predefined configuration (see the [.gitleaks](https://github.com/DariuszPorowski/github-action-gitleaks/tree/main/.gitleaks) directory). 
You can override it with your own config, using a path relative to `$GITHUB_WORKSPACE`.\n\n## Outputs\n\n| Name     | Description                                            |\n|----------|--------------------------------------------------------|\n| exitcode | Success (code: 0) or failure (code: 1) value from scan |\n| result   | Gitleaks result summary                                |\n| output   | Gitleaks log output                                    |\n| command  | Gitleaks executed command                              |\n| report   | Report file path                                       |\n\n## Example usage\n\n\u003e ⚠️ You must use `actions/checkout` before the `github-action-gitleaks` step. If you are using `actions/checkout@v4` you must specify a commit depth other than the default, which is 1.\n\u003e\n\u003e Using a `fetch-depth` of '0' clones the entire history. If you want to do a more efficient clone, use '2', but that is not guaranteed to work with pull requests.\n\n### Pull Request with comment\n\n```yaml\n---\nname: Secret Scan\n\non:\n  pull_request:\n  push:\n    branches:\n      - main\n\n# allow only one concurrent run per workflow/event/ref\nconcurrency:\n  group: ${{ format('{0}-{1}-{2}-{3}-{4}', github.workflow, github.event_name, github.ref, github.base_ref, github.head_ref) }}\n  cancel-in-progress: true\n\njobs:\n  gitleaks:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n        with:\n          fetch-depth: 0\n\n      - name: Run Gitleaks\n        id: gitleaks\n        uses: DariuszPorowski/github-action-gitleaks@v2\n        with:\n          fail: false\n\n      - name: Post PR comment\n        uses: actions/github-script@v7\n        if: ${{ steps.gitleaks.outputs.exitcode == 1 \u0026\u0026 github.event_name == 'pull_request' }}\n        with:\n          github-token: ${{ github.token }}\n          script: |\n            const { GITLEAKS_RESULT, GITLEAKS_OUTPUT } = process.env\n            const output = `### 
${GITLEAKS_RESULT}\n\n            \u003cdetails\u003e\u003csummary\u003eLog output\u003c/summary\u003e\n\n            ${GITLEAKS_OUTPUT}\n\n            \u003c/details\u003e\n            `\n            github.rest.issues.createComment({\n              ...context.repo,\n              issue_number: context.issue.number,\n              body: output\n            })\n        env:\n          GITLEAKS_RESULT: ${{ steps.gitleaks.outputs.result }}\n          GITLEAKS_OUTPUT: ${{ steps.gitleaks.outputs.output }}\n```\n\n### With SARIF report\n\n```yaml\n- name: Checkout\n  uses: actions/checkout@v4\n  with:\n    fetch-depth: 0\n\n- name: Run Gitleaks\n  id: gitleaks\n  uses: DariuszPorowski/github-action-gitleaks@v2\n  with:\n    report_format: sarif\n    fail: false\n\n# (optional) This step only prints the outputs from the Action.\n# Please note: the OUTPUT value has to be passed via an env var!\n- name: Get the output from the gitleaks step\n  run: |\n    echo \"exitcode: ${{ steps.gitleaks.outputs.exitcode }}\"\n    echo \"result: ${{ steps.gitleaks.outputs.result }}\"\n    echo \"command: ${{ steps.gitleaks.outputs.command }}\"\n    echo \"report: ${{ steps.gitleaks.outputs.report }}\"\n    echo \"output: ${GITLEAKS_OUTPUT}\"\n  env:\n    GITLEAKS_OUTPUT: ${{ steps.gitleaks.outputs.output }}\n\n- name: Upload Gitleaks SARIF report to code scanning service\n  if: ${{ steps.gitleaks.outputs.exitcode == 1 }}\n  uses: github/codeql-action/upload-sarif@v3\n  with:\n    sarif_file: ${{ steps.gitleaks.outputs.report }}\n```\n\n\u003e ⚠️ SARIF file uploads for code scanning are not available for everyone. 
Read the GitHub docs ([Uploading a SARIF file to GitHub](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github)) for more information.\n\n### With JSON report and custom rules config\n\n```yaml\n- name: Checkout\n  uses: actions/checkout@v4\n  with:\n    fetch-depth: 0\n\n- name: Run Gitleaks\n  id: gitleaks\n  uses: DariuszPorowski/github-action-gitleaks@v2\n  with:\n    config: MyGitleaksConfigs/MyGitleaksConfig.toml\n\n- name: Upload Gitleaks JSON report to artifacts\n  uses: actions/upload-artifact@v4\n  if: failure()\n  with:\n    name: gitleaks\n    path: ${{ steps.gitleaks.outputs.report }}\n```\n\n## Additional rules\n\n[Jesse Houwing](https://github.com/jessehouwing) provided a Gitleaks config with most of Microsoft's deprecated CredScan rules. Consider using it if you need to scan projects based on Microsoft technologies or Azure Cloud.\n\n- [UDMSecretChecks.toml](https://github.com/jessehouwing/gitleaks-azure/blob/main/UDMSecretChecksv8.toml)\n\n## Contributions\n\nIf you have any feedback on `Gitleaks` itself, please reach out to [Zachary Rice (@zricethezav)](https://github.com/zricethezav), who created and maintains [Gitleaks](https://github.com/gitleaks/gitleaks).\n\nAny feedback on the Gitleaks config for Azure (the `UDMSecretChecks.toml` file) is welcome. Follow Jesse Houwing's GitHub repo - [gitleaks-azure](https://github.com/jessehouwing/gitleaks-azure).\n\nThanks to [C.J. 
May (@lawndoc)](https://github.com/lawndoc) for contributing 🤘\n\nAny feedback or contribution to this project is welcome!\n\n## How do I remove a secret from Git's history?\n\n[GitHub](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository) has a great article on this using the [BFG Repo Cleaner](https://rtyley.github.io/bfg-repo-cleaner/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdariuszporowski%2Fgithub-action-gitleaks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdariuszporowski%2Fgithub-action-gitleaks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdariuszporowski%2Fgithub-action-gitleaks/lists"}