Newer
Older
This project implements a GitLab CI/CD template to detect and prevent hardcoded secrets in your
Git repository with [Gitleaks](https://github.com/zricethezav/gitleaks/wiki).
When run on the master branch, Gitleaks will audit all commits from all branches.
When run on other branches, Gitleaks will run a quick analysis on the current branch.
## Usage
In order to include this template in your project, add the following to your `gitlab-ci.yml`:
```yaml
include:
file: '/templates/gitlab-ci-gitleaks.yml'
```
Those jobs trigger a Gitleaks analysis (either on the complete repository, either on the current branch).
They use the following configuration.
| --------------------- | -------------------------------------- | ----------------- |
| `GITLEAKS_IMAGE` | The Docker image used to run Gitleaks | `registry.hub.docker.com/zricethezav/gitleaks:latest` |
| `GITLEAKS_RULES` | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks#configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project). | _none_ (uses default rules) |
| `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
### Configuring Gitleaks rules
Here is how this GitLab CI template chooses the Gitleaks rules to use:
1. It first looks for a `.gitleaks.toml` file at the root of your project repository.
2. If not found, it uses the `.toml` file specified with the `$GITLEAKS_RULES` variable.
3. If not specified, [default Gitleaks rules] (https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml) are used.