v7.0.0
What's new:
A lot. v7.0.0 might piss some people off but hey, that's why v6.2.0 exists. I kinda hated the way Gitleaks was structured which resulted in a creeping dread when even thinking about maintaining this project. So I did what any good software engineer would do (the following is a joke) -- completely rewrote gitleaks (okay okay some of the utils and algos stayed the same). So you may be wondering, why did I do this? Well, I'm hoping this will help the longevity of the project and make it easier to contribute now that the code follows a factory pattern (see the scan package). Perhaps what folks will be most upset about is the removal of the hosts option, no more scanning groups, projects, owners, users, or PRs/MRs directly using gitlab/github's APIs. This is something I just don't want to maintain anymore so feel free to use gitleaks as a library and create your own github/gitlab gitleaks scanner or use this script. On a lighter note, v7.0.0 includes some new features.

- Updated exit codes. 0 if gitleaks ran successfully (leaks found or no leaks found), 1 if an error has occurred.
- Removal of `--pretty`. Pretty printing leaks is now the default.
- Removal of deduplication for leaks. If two different rules detect the same offender they will be both reported.
- Removal of `--timeout` option.
- Replaced `--repo-config` with `--repo-config-path`. This will load a repo's config if available.
- Add remote leak resource with LeakURL.
- Added no-git options for directory and file scanning (maybe someone will develop a vim/IDE plugin for gitleaks??). `--no-git` also supports threaded execution for speedy scans.
- Replaced `--repo-path` and `--owner-path` with `-p`, `--path`. Gitleaks will determine if `--path` is a git repo or directory containing git repos. If supplied with a `--no-git` option gitleaks will scan all the contents of `--path`. This could be a directory or file.
- Replaced `--repo` with `--repo-url`.
- Replaced `--disk` with `--clone-path`. No more cloning to tmp dir.
- Scans that require a git clone and have `--branch` or `--depth` set are speedier as both `--branch` and `--depth` are set as clone options.
- Replaced `--uncommited` with `--unstaged`.