From 595fc7dfe42fd00c8c5dc6647779bed24955e0f4 Mon Sep 17 00:00:00 2001
From: Anoop Mazhavancheri <anoopvlcy@gmail.com>
Date: Mon, 15 Jul 2024 10:22:25 +0000
Subject: [PATCH] feat: default gitleaks arguments to avoid secret exposure
---
 README.md | 2 +-
 kicker.json | 2 +-
 templates/gitlab-ci-gitleaks.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 7e8d78a..72f6b1a 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ They use the following configuration.
 | --------------------- | -------------------------------------- | ----------------- |
 | `image` / `GITLEAKS_IMAGE` | The Docker image used to run Gitleaks | `registry.hub.docker.com/zricethezav/gitleaks:latest` |
 | `rules` / `GITLEAKS_RULES` | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks#configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project). | _none_ (uses default rules) |
-| `args` / `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
+| `args` / `GITLEAKS_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose --redact` |
 ### Configuring Gitleaks rules
diff --git a/kicker.json b/kicker.json
index 0d5bc83..9df9024 100644
--- a/kicker.json
+++ b/kicker.json
@@ -19,7 +19,7 @@
 {
 "name": "GITLEAKS_ARGS",
 "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)",
- "default": "--verbose",
+ "default": "--verbose --redact",
 "advanced": true
 }
 ]
diff --git a/templates/gitlab-ci-gitleaks.yml b/templates/gitlab-ci-gitleaks.yml
index 320991e..cbe96e7 100644
--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -24,7 +24,7 @@ spec:
 default: ''
 args:
 description: '[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches)'
- default: '--verbose'
+ default: '--verbose --redact'
 ---
 workflow:
 rules:
--
GitLab
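Review bot: The `--redact` default on the `args` input only applies when a project leaves `args` / `GITLEAKS_ARGS` unset, so any pipeline that already overrides the value keeps writing matched secrets in clear text to the job log, where anyone allowed to view the project's pipelines can read them. The same default is mirrored in `kicker.json` and the README table, and none of the three descriptions says the flag should be kept when overriding. I would extend the `description` here (and the one in `kicker.json`) with `keep --redact when overriding, otherwise findings are printed unredacted in the job log`. The job script is outside this hunk; if redaction is meant to be enforced rather than defaulted, the flag would have to be appended there, and it is worth confirming that the analysis run on branches other than master/develop, which this input does not cover according to its description, is redacted as well.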