feat: default gitleaks arguments to avoid secret exposure

595fc7df · Anoop Mazhavancheri · Cédric OLIVIER · 0399daa2 · 595fc7df · 595fc7df
Commit 595fc7df authored 10 months ago by Anoop Mazhavancheri Committed by Cédric OLIVIER 10 months ago
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ They use the following configuration.
 | --------------------- | -------------------------------------- | ----------------- |
 | `image` / `GITLEAKS_IMAGE` | The Docker image used to run Gitleaks  | `registry.hub.docker.com/zricethezav/gitleaks:latest` |
 | `rules` / `GITLEAKS_RULES` | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks#configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project). | _none_ (uses default rules) |
-| `args` / `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
+| `args` / `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose --redact` |
 ### Configuring Gitleaks rules

--- a/kicker.json
+++ b/kicker.json
@@ -19,7 +19,7 @@
    {
      "name": "GITLEAKS_ARGS",
      "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)",
-      "default": "--verbose",
+      "default": "--verbose --redact",
      "advanced": true
    }
  ]

--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -24,7 +24,7 @@ spec:
      default: ''
    args:
      description: '[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)'
-      default: '--verbose'
+      default: '--verbose --redact'
 ---
 workflow:
  rules: