Gitleaks is great for doing thorough audits on repos, organizations, and/or users but not so great for hooking into CI pipelines. Gitleaks-CI is 50 lines of bash code that checks your PRs for secrets you probably shouldn't be committing. Gitleaks-CI runs a simple regex check against each line of your PR diff. Fork this project if you want to add/remove regexes.
Review the PR like a good human.
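As an added example (not the gitleaks-ci script and not the project's own code), here is a POSIX shell version of the per-line regex gate described above: it reads a unified diff, checks only the added lines, and reports a match without echoing the secret itself into the CI log. The regex set, the two sample diffs and the use of the AWS documentation example key id are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not the gitleaks-ci script: regex-check the added lines of
# a unified diff. Patterns and sample diffs below are constructed here.

# One alternation of secret-shaped patterns; extend for your organization.
SECRET_RE="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|passwd|secret|api_?key)[[:space:]]*[=:][[:space:]]*[\"'][^\"']{8,}"

# scan_diff: read a unified diff on stdin. For every added line that matches,
# print "<file>:<line number in the new file>:<first 4 chars of match>****"
# (never the full secret, so the CI log does not become a second leak).
# Returns 1 if anything matched, 0 otherwise, so it can fail a pipeline step.
scan_diff() {
  file="" lineno=0 status=0
  while IFS= read -r line; do
    case "$line" in
      '+++ '*) file=${line#+++ }; file=${file#b/}; continue ;;
      '@@ '*)  lineno=${line#*+}; lineno=${lineno%%[!0-9]*}; continue ;;
      '+'*)    text=${line#+} ;;
      '-'*)    continue ;;                         # removed lines never ship
      *)       lineno=$((lineno + 1)); continue ;; # context line
    esac
    match=$(printf '%s\n' "$text" | grep -Eo -- "$SECRET_RE" | head -n 1)
    if [ -n "$match" ]; then
      printf '%s:%s:%s****\n' "$file" "$lineno" "${match%"${match#????}"}"
      status=1
    fi
    lineno=$((lineno + 1))
  done
  return "$status"
}

# Constructed diff: one added line carries the AWS documentation example key.
SAMPLE_DIFF='diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,3 @@
 DEBUG = False
-OLD = "nothing"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+TIMEOUT = 30'

# Constructed diff: the key only appears on a removed line, so it is clean.
CLEAN_DIFF='diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 DEBUG = False
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]'

# Run it the way a CI step would: a non-zero status blocks the merge.
printf '%s\n' "$SAMPLE_DIFF" | scan_diff || echo "leak found: block the merge"
```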
Gitleaks-CI is a single line of code placed in whatever CI service you or your organization uses.
bash <(curl -s https://raw.githubusercontent.com/zricethezav/gitleaks-ci/master/gitleaks.sh)
You should fork this repo and run a gitleaks.sh script you own rather than trusting mine.
Sample PR with a leak here
Gitleaks-CI requires the owner's credentials to access private repos.
If you are using Travis, read this to add the GITHUB_USERNAME and GITHUB_API_TOKEN environment variables.
TODO
TODO
Please read the GitHub article on removing sensitive data from a repository to remove the sensitive information from your history.