Gitleaks is a powerful command-line tool designed to scan git repositories for secrets, such as passwords, API keys, and tokens. It helps prevent sensitive information from being exposed in your codebase.
Key features include:
- Comprehensive Scanning: Scans git repos, directories, files, and even standard input.
- Customizable Rules: Supports custom configurations for defining secret detection rules.
- Baseline Support: Allows previously recorded findings to be ignored when scanning large repositories.
- Pre-Commit Hook: Can be integrated as a pre-commit hook to prevent committing secrets.
- GitHub Action: Offers an official GitHub Action for automated scanning in CI/CD pipelines.
- Reporting: Supports various report formats (JSON, CSV, JUnit, SARIF) and custom templates.
- Decoding: Automatically decodes base64-encoded values so that encoded secrets are still detected.
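The custom-rule and allowlist features above are driven by a TOML configuration file. The following is an added example written for this summary, not a file from the Gitleaks project: it extends the built-in rule set with one extra rule and scopes an allowlist to that rule. The rule id, the token format matched by the regex, and the allowlisted paths are assumptions chosen for illustration.

```toml
# Added example gitleaks.toml: one custom rule layered on the default rules.
# Not an official gitleaks rule; id, regex, paths and values are assumed for illustration.
title = "Example custom gitleaks configuration"

[extend]
# Keep every rule that ships with gitleaks and add the rule below to it.
useDefault = true

[[rules]]
id = "example-internal-api-token"
description = "Internal API token (assumed format: 'exmpl_' prefix plus 32 hex chars)"
regex = '''\bexmpl_[0-9a-f]{32}\b'''
# Keywords let gitleaks skip content that cannot contain a match, which speeds up scans.
keywords = ["exmpl_"]
# Minimum Shannon entropy of the matched string; filters out obvious placeholder values.
entropy = 3.0

[rules.allowlist]
# Rule-scoped allowlist: documentation samples and test fixtures are expected
# to contain fake tokens, so matches in these locations are not reported.
paths = [
  '''docs/.*\.md$''',
  '''testdata/.*''',
]
# An all-zero token is a documentation placeholder, never a real credential.
regexes = ['''exmpl_0{32}''']
```

Point gitleaks at the file with the `--config` flag (for example `gitleaks dir . --config gitleaks.toml` on current releases, or `gitleaks detect --source . --config gitleaks.toml` on older ones). Keeping allowlists attached to the rule they relax, rather than in the global `[allowlist]` table, limits how much scanning coverage each exception removes.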
Use cases:
- Scanning git repositories for accidentally committed secrets.
- Integrating into CI/CD pipelines to prevent secret exposure.
- Scanning local directories and files for sensitive information.
- Enforcing security policies and preventing data leaks.