From 0b2c51ef5d9cbb2794073939c2c18e9a457e5b66 Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Fri, 4 Jun 2021 14:44:15 +0000
Subject: [PATCH] fix: force clone full commits history in gitleaks complete analysis

---
 README.md | 3 ++-
 kicker.json | 9 ++++++++-
 templates/gitlab-ci-gitleaks.yml | 9 +++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index a4949f8..edfff68 100644
--- a/README.md
+++ b/README.md
@@ -27,4 +27,5 @@ They use the following configuration.
 | `GITLEAKS_IMAGE` | The Docker image used to run Gitleaks | `zricethezav/gitleaks:latest` |
 | `GITLEAKS_RULES` | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks/wiki/Configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project) | _none_ (uses default rules) |
 | `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
-| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose --depth=10` _(audit on the current branch with a depth of 10)_ |
+| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose` _(audit on the current branch)_ |
+| `GITLEAKS_QUICK_DEPTH` | Number of commits to scan (on feature branches) | `10` |
diff --git a/kicker.json b/kicker.json
index fe89c77..75b2ba4 100644
--- a/kicker.json
+++ b/kicker.json
@@ -23,7 +23,14 @@
     {
       "name": "GITLEAKS_QUICK_ARGS",
       "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches)",
-      "default": "--verbose --depth=10",
+      "default": "--verbose",
+      "advanced": true
+    },
+    {
+      "name": "GITLEAKS_QUICK_DEPTH",
+      "description": "Number of commits to scan (on feature branches)",
+      "type": "number",
+      "default": "10",
       "advanced": true
     }
   ]
diff --git a/templates/gitlab-ci-gitleaks.yml b/templates/gitlab-ci-gitleaks.yml
index 20609ce..722cfec 100644
--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -17,7 +17,8 @@ variables:
   # Default Docker image (can be overriden)
   GITLEAKS_IMAGE: "zricethezav/gitleaks:latest"
   GITLEAKS_ARGS: "--verbose"
-  GITLEAKS_QUICK_ARGS: "--verbose --depth=10"
+  GITLEAKS_QUICK_DEPTH: "10"
+  GITLEAKS_QUICK_ARGS: "--verbose"
   # default production ref name (pattern)
   PROD_REF: '/^master$/'
   # default integration ref name (pattern)
@@ -200,6 +201,8 @@ gitleaks:
     - name: "$CI_REGISTRY/orange-opensource/tbc/tools/tracking:master"
       command: ["--service", "gitleaks", "1.1.0"]
   stage: test
+  variables:
+    GIT_DEPTH: 0
   before_script:
     - *gitleaks-scripts
     - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
@@ -222,8 +225,10 @@ gitleaks:
 # quick analysis on dev branches
 gitleaks-quick:
   extends: gitleaks
+  variables:
+    GIT_DEPTH: "${GITLEAKS_QUICK_DEPTH}"
   script:
-    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json $GITLEAKS_QUICK_ARGS
+    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json --depth=${GITLEAKS_QUICK_DEPTH} $GITLEAKS_QUICK_ARGS
   rules:
     # exclude merge requests
     - if: $CI_MERGE_REQUEST_ID
--
GitLab
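Review bot: The new `GITLEAKS_QUICK_DEPTH` entry declares `"type": "number"` but gives its default as the string `"10"`, so the two keys of the same object disagree on the value's type. If the kicker schema types defaults, `"default": 10` is the matching form; if defaults are always strings there, the `"type"` key is presumably informational only and the generated variable stays a string, which is what the template's `GIT_DEPTH: "${GITLEAKS_QUICK_DEPTH}"` consumes anyway — worth confirming against the schema rather than leaving the mismatch. The description could also say what the value now drives, e.g. `"Number of commits to clone and scan (on feature branches)"`, since it feeds both the shallow-clone depth and the gitleaks `--depth` option.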
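Review bot: `GIT_DEPTH: 0` in the `gitleaks` job is the only unquoted variable value in this file, while the neighbouring defaults (`GITLEAKS_QUICK_DEPTH: "10"`, `GITLEAKS_IMAGE`) are quoted strings; `GIT_DEPTH: "0"` keeps the style consistent and stops generic YAML tooling from typing it as an integer. The line also deserves a comment, because a reader will not see why a scanner job disables shallow cloning: `# full clone: the complete analysis must see the whole commit history`. As far as I know a `GIT_DEPTH` set as a project or pipeline CI/CD variable takes precedence over this job-level value, so a project overriding it would silently get a partial history scan — if that is the intended contract it is worth stating in the README. The `gitleaks` job definition starts before this hunk and continues after it.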
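Review bot: In the `gitleaks-quick` script line, `--depth=${GITLEAKS_QUICK_DEPTH}` is now always emitted ahead of `$GITLEAKS_QUICK_ARGS`, so a project that still overrides `GITLEAKS_QUICK_ARGS` with the previous default `--verbose --depth=10` passes `--depth` twice, and which value wins depends on gitleaks' flag parsing; an empty `GITLEAKS_QUICK_DEPTH` would likewise produce a bare `--depth=`. A one-line guard before the call makes either case fail loudly: `- test -n "${GITLEAKS_QUICK_DEPTH}" || { echo "GITLEAKS_QUICK_DEPTH must be set" >&2; exit 1; }`. The new `variables:` block would also benefit from a comment tying the two settings together, e.g. `# shallow-clone depth and gitleaks --depth are kept equal via GITLEAKS_QUICK_DEPTH`, since a clone shallower than the scan depth silently shortens the audit. The job's `rules:` continue past the end of the hunk.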