Expected behavior
gitleaks should probably ignore the .git directory when using --no-git, or should add another option like --no-git-ignore-git-directory. Hopefully with a better name than that.
Basic Info (please complete the following information):
OS: Mac OS X
Gitleaks Version: 7.0.1.
Additional context
Add any other context about the problem here.
@paul-m Thanks for raising this issue. By default if --no-git is set then a global allowlist regex: .git$ is appended to the config. This will prevent .git dirs from being scanned.
Describe the bug
I want to scan the local files in my repo as a CI step.
With gitleaks 7 I could maybe use this:
However, since I just told gitleaks this is not a git repo, it starts scanning .git/, and finds false positives in the git commit SHAs.
The workaround is to delete .git as a first step, but this could be counter-productive, depending on needs.
To Reproduce
Within a git repo, issue this command:
The -v report will (might?) show you false-positive secrets that exist within the .git directory, such as:
Note that this is a false positive on a git commit SHA.
cc @zricethezav
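
The maintainer's reply says that with --no-git a path allowlist regex, .git$, keeps .git directories out of the scan. The Go sketch below is an added illustration, not gitleaks code and not from this thread: it prunes directories by pattern during a tree walk and compares the quoted pattern with an escaped, separator-anchored form. The hex rule, the file names and matching the pattern against relative directory paths are assumptions; with the dot unescaped, the pattern also prunes a directory named legit, so its files are never inspected.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
)

// Constructed stand-in for a generic hex-token rule; not a gitleaks rule.
var hexRule = regexp.MustCompile(`\b[0-9a-f]{40}\b`)

// scan prunes directories whose relative path matches skip and returns files matching hexRule.
func scan(root string, skip *regexp.Regexp) []string {
	var hits []string
	filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		rel, _ := filepath.Rel(root, p)
		switch {
		case err != nil:
			return nil // unreadable entries are skipped in this sketch
		case d.IsDir() && skip.MatchString(filepath.ToSlash(rel)):
			return filepath.SkipDir // prune the whole subtree
		case d.Type().IsRegular():
			if data, rerr := os.ReadFile(p); rerr == nil && hexRule.Match(data) {
				hits = append(hits, filepath.ToSlash(rel))
			}
		}
		return nil
	})
	return hits
}

// demo builds a constructed tree and scans it with the given skip pattern.
func demo(pattern string) []string {
	root, _ := os.MkdirTemp("", "tree")
	defer os.RemoveAll(root)
	sha := "0123456789abcdef0123456789abcdef01234567\n" // constructed 40-hex value
	for _, f := range []string{".git/ORIG_HEAD", "legit/token.txt", "conf/app.env"} {
		os.MkdirAll(filepath.Join(root, filepath.Dir(f)), 0o755)
		os.WriteFile(filepath.Join(root, f), []byte(sha), 0o644)
	}
	return scan(root, regexp.MustCompile(pattern))
}

func main() {
	for _, p := range []string{`^$`, `.git$`, `(^|/)\.git$`} { // ^$ matches no path here: no allowlist
		fmt.Printf("%-14q %v\n", p, demo(p))
	}
}
```

The first row reproduces the report (the value under .git is flagged), the second hides legit/token.txt along with .git, and the third skips only .git.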