Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zricethezav/gitleaks-ci
gitleaks, but for PRs
https://github.com/zricethezav/gitleaks-ci
continuous-integration security
Last synced: 2 months ago
JSON representation
gitleaks, but for PRs
- Host: GitHub
- URL: https://github.com/zricethezav/gitleaks-ci
- Owner: zricethezav
- Archived: true
- Created: 2018-05-13T03:04:01.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-11-11T16:52:33.000Z (about 5 years ago)
- Last Synced: 2024-08-03T01:39:27.564Z (5 months ago)
- Topics: continuous-integration, security
- Language: Shell
- Size: 10.7 KB
- Stars: 56
- Watchers: 3
- Forks: 18
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
## Audit PRs on github before you hit that merge button
### What is?
[Gitleaks](https://github.com/zricethezav/gitleaks) is great for doing thorough audits on repos, organizations, and/or users but
not so great for hooking into CI pipelines. **Gitleaks-CI** is 50 lines of bash code that checks your PRs for secrets you probably shouldn't be commiting. Gitleaks-CI will do a simple regex check for each line of your PR diff. Fork this project if you want to add/remove regexes.
### Alternatives?
Review the PR like a good human.
### How to?
Gitleaks-CI is a single line of code placed in whatever CI service you or your organization uses.
```
bash <(curl -s https://raw.githubusercontent.com/zricethezav/gitleaks-ci/master/gitleaks.sh)
```
**You should fork this repo and use the `gitleaks.sh` script you own rather than assuming my trust.**
#### PR logs
Sample PR with a leak [here](https://github.com/zricethezav/gitleaks-ci/pull/15)
##### CircleCI
##### Travis
---
### Accessing Private Repos
Gitleaks-CI requires the owner's credentials to access private repos
#### Travis
If you are using Travis read [this](https://docs.travis-ci.com/user/environment-variables/#Defining-encrypted-variables-in-.travis.yml) to add `GITHUB_USERNAME` and `GITHUB_API_TOKEN` environment variables.
#### CircleCI
TODO
#### Jenkins
TODO
### If you find leaks in your PR
Please read the [Github article on removing sensitive data from a repository](https://help.github.com/articles/removing-sensitive-data-from-a-repository/) to remove the sensitive information from your history.