# GitLab CI template for Gitleaks

This project implements a generic GitLab CI template for [Gitleaks](https://github.com/zricethezav/gitleaks/wiki).

When run on the master branch, Gitleaks will audit all commits from all branches.

When run on other branches, Gitleaks will run a quick analysis on the current branch.

## Usage

In order to include this template in your project, add the following to your `gitlab-ci.yml`:

```yaml
include:
  - project: 'to-be-continuous/gitleaks'
    ref: '1.3.0'
    file: '/templates/gitlab-ci-gitleaks.yml'
```

## `gitleaks` jobs configuration

Those jobs trigger a Gitleaks analysis (either on the complete repository, either on the current branch).
They use the following configuration.

| Name                  | description                            | default value     |
| --------------------- | -------------------------------------- | ----------------- |
| `GITLEAKS_IMAGE`      | The Docker image used to run Gitleaks  | `zricethezav/gitleaks:latest` |
| `GITLEAKS_RULES`      | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks#configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project). | _none_ (uses default rules) |
| `GITLEAKS_ARGS`       | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |

### Configuring Gitleaks rules

Here is how this GitLab CI template chooses the Gitleaks rules to use:

1. It first looks for a `.gitleaks.toml` file at the root of your project repository.
2. If not found, it uses the `.toml` file specified with the `$GITLEAKS_RULES` variable.
3. If not specified, [default Gitleaks rules] (https://github.com/zricethezav/gitleaks/blob/master/config/default.go) are used.