Skip to content
shield

GitHub Action

Gitleaks Code Scan

v1.0.0 Latest version

Gitleaks Code Scan

shield

Gitleaks Code Scan

Run Gitleaks on Push and PR events

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: Gitleaks Code Scan

              
  uses: dhsathiya/[email protected]
Learn more about this action in dhsathiya/gitleaks-action

Choose a version

Gitleaks GitHub Action

gitleaks

Gitleaks Action provides a simple way to run Gitleaks in your CI/CD pipeline.

Why here?

This repository is here to support the Gitleaks action with all the updates from Gitleaks source project. With the new 2.0 version of gitleaks/gitleaks-action GitHub Action they went to a commercial licence.

Sample Workflow

name: gitleaks

on: [push,pull_request]

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: gitleaks-action
      uses: dhsathiya/gitleaks-action@master

Using your own .gitleaks.toml configuration

name: gitleaks

on: [push,pull_request]

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: gitleaks-action
      uses: dhsathiya/gitleaks-action@master
      with:
        config-path: security/.gitleaks.toml

> The `config-path` is relative to your GitHub Worskpace

NOTE!!!

You must use actions/checkout before the gitleaks-action step. If you are using actions/checkout@v2 you must specify a commit depth other than the default which is 1.

ex:

    steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: '0'
    - name: gitleaks-action
      uses: dhsathiya/gitleaks-action@master

using a fetch-depth of '0' clones the entire history. If you want to do a more efficient clone, use '2', but that is not guaranteed to work with pull requests.

Credits

Gitleaks Project: https://github.com/zricethezav/gitleaks Source: https://github.com/gitleaks/gitleaks-action