doc: add GITLEAKS_RULES explainations

74b9f438 · Guilhem Martin · Pierre SMEYERS · 62b4cd59 · 74b9f438
Commit 74b9f438 authored 3 years ago by Guilhem Martin Committed by Pierre SMEYERS 3 years ago
--- a/README.md
+++ b/README.md
@@ -25,7 +25,15 @@ They use the following configuration.
 | Name                  | description                            | default value     |
 | --------------------- | -------------------------------------- | ----------------- |
 | `GITLEAKS_IMAGE`      | The Docker image used to run Gitleaks  | `zricethezav/gitleaks:latest` |
-| `GITLEAKS_RULES`      | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks/wiki/Configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project) | _none_ (uses default rules) |
+| `GITLEAKS_RULES`      | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks#configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project). | _none_ (uses default rules) |
 | `GITLEAKS_ARGS`       | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
 | `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose` _(audit on the current branch)_ |
 | `GITLEAKS_QUICK_DEPTH` | Number of commits to scan (on feature branches) | `10` | 
+
+### Configuring Gitleaks rules
+
+Here is how this GitLab CI template chooses the Gitleaks rules to use:
+
+1. It first looks for a `.gitleaks.toml` file at the root of your project repository.
+2. If not found, it uses the `.toml` file specified with the `$GITLEAKS_RULES` variable.
+3. If not specified, [default Gitleaks rules] (https://github.com/zricethezav/gitleaks/blob/master/config/default.go) are used.