From 595fc7dfe42fd00c8c5dc6647779bed24955e0f4 Mon Sep 17 00:00:00 2001
From: Anoop Mazhavancheri <anoopvlcy@gmail.com>
Date: Mon, 15 Jul 2024 10:22:25 +0000
Subject: [PATCH] feat: default gitleaks arguments to avoid secret exposure

---
 README.md                        | 2 +-
 kicker.json                      | 2 +-
 templates/gitlab-ci-gitleaks.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 7e8d78a..72f6b1a 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ They use the following configuration.
 | --------------------- | -------------------------------------- | ----------------- |
 | `image` / `GITLEAKS_IMAGE` | The Docker image used to run Gitleaks  | `registry.hub.docker.com/zricethezav/gitleaks:latest` |
 | `rules` / `GITLEAKS_RULES` | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks#configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project). | _none_ (uses default rules) |
-| `args` / `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
+| `args` / `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose --redact` |
 
 ### Configuring Gitleaks rules
 
diff --git a/kicker.json b/kicker.json
index 0d5bc83..9df9024 100644
--- a/kicker.json
+++ b/kicker.json
@@ -19,7 +19,7 @@
     {
       "name": "GITLEAKS_ARGS",
       "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)",
-      "default": "--verbose",
+      "default": "--verbose --redact",
       "advanced": true
     }
   ]
diff --git a/templates/gitlab-ci-gitleaks.yml b/templates/gitlab-ci-gitleaks.yml
index 320991e..cbe96e7 100644
--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -24,7 +24,7 @@ spec:
       default: ''
     args:
       description: '[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)'
-      default: '--verbose'
+      default: '--verbose --redact'
 ---
 workflow:
   rules:
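Review bot: The new `--redact` default on `args` only protects projects that leave the input untouched; a project that already sets `args` / `GITLEAKS_ARGS` replaces the whole string and keeps printing detected secrets in the job log. The description should say so, for example by appending `; keep --redact when overriding, otherwise detected secrets are printed in clear in the job log` to the existing text, and the same wording applies to the `GITLEAKS_ARGS` entries in kicker.json and README.md. The description mentions only the full analysis on master or develop branches, so if the template runs Gitleaks with a separate argument set on other branches, that invocation presumably needs `--redact` too. The `spec` inputs block starts above this hunk and the job script lies outside it, so neither could be checked here. A stronger option would be to pass `--redact` from the job script itself rather than from an overridable default, so that an override cannot drop it by accident.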
-- 
GitLab