Commit a6f54cc5 authored by Thomas Boni

Merge branch '7-job-ci-secret-detection' into 'latest'

Resolve "[Job] CI - Secret detection"

Closes #7

See merge request go2scale/hub!53
parents 3f66c0be f65d3b9d
+38 −0
# 🔐 Gitleaks

## Description

[Gitleaks](https://github.com/zricethezav/gitleaks/wiki/Scanning) is a tool
made to detect hardcoded secrets like passwords, api keys and tokens in git
repos. As it written in go, it is much faster than most of the 
[alternatives](https://github.com/zricethezav/gitleaks/wiki/Comparison-with-other-tools).

## How to use it


1. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting
   started](/getting-started)). Example:

    ```yaml
    include:
      - remote: 'https://jobs.go2scale.io/gitleaks.yml'
    ```
2. Well done, your job is ready to work ! 😀

## Job details

* Job name: `gitleaks`
* Docker image:
[`zricethezav/gitleaks:v6.1.2`](https://hub.docker.com/r/_/zricethezav/gitleaks)
* Default stage: `static_tests`
* When: `always`

## Allowing Failure

If you want for this job not to fail upon discovering a secret in the commits
of the repository, you can do that by adding this to your `.gitlab-ci.yml`

```
gitleaks:
  allow_failure: true
```
 No newline at end of file
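Review bot: The "Job details" bullet `When: always` does not match the job definition in this commit, which sets `when: always` only under `artifacts`, so the job itself runs with GitLab's default `on_success`. Either add `when: always` at job level or reword the bullet to say the report artifact is always uploaded. In the same list, the Docker image link `https://hub.docker.com/r/_/zricethezav/gitleaks` has a stray `_/` segment. The "Allowing Failure" section should state that with `allow_failure: true` a detected secret no longer blocks the pipeline and is only visible in the report. Its snippet is also missing the `yaml` fence tag used by the first snippet. Typo: "As it written in go" should read "As it is written in Go".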
+14 −0
stages:
  - static_tests

gitleaks:
  stage: static_tests
  image: 
    name: "zricethezav/gitleaks:v6.1.2"
    entrypoint: [""]
  script:
    - gitleaks -v --pretty --repo-path . --commit-from=$CI_COMMIT_SHA --commit-to=$CI_COMMIT_BEFORE_SHA --branch=$CI_COMMIT_BRANCH --report gitleaks-report.json
  artifacts:
    expose_as: "gitleaks-report"
    paths: ["gitleaks-report.json"]
    when: always
 No newline at end of file
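Review bot: The scan range on the `script` line depends on `$CI_COMMIT_BEFORE_SHA` and `$CI_COMMIT_BRANCH`, which are not usable in every pipeline type. GitLab sets `CI_COMMIT_BEFORE_SHA` to all zeros for the first pipeline of a new branch and for merge request pipelines, and `CI_COMMIT_BRANCH` is unset in merge request and tag pipelines, so `--commit-to` and `--branch=` receive empty or meaningless values there and the scan can fail or cover the wrong range. Handle those cases explicitly (for example, fall back to scanning the whole branch when the before-SHA is all zeros) and quote the variables. Separately, `gitleaks-report.json` is published with `expose_as` and holds the matched secrets in clear text, so anyone who can read job artifacts can read them. Consider adding `--redact` and an `expire_in` on the artifact.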

jobs/gitleaks/job.yml

0 → 100644
+6 −0
name: gitleaks
description: A secret detection job using gitleaks to alert on secrets being pushed
default_stage: static_tests
icon: 🔐
maintainer: FulcrandG
license: MIT
 No newline at end of file
+1 −0
* Initial version
 No newline at end of file