Commit deb0cffc authored by FulcrandG's avatar FulcrandG
Browse files

Adding gitleaks job

parent 347e06d2
Loading
Loading
Loading
Loading
+28 −0
Original line number Diff line number Diff line
# 🔐 Gitleaks

## Description

[Gitleaks](https://github.com/zricethezav/gitleaks/wiki/Scanning) is a tool
made to detect hardcoded secrets like passwords, api keys and tokens in git
repos. As it written in go, it is much faster than most of the 
[alternatives](https://github.com/zricethezav/gitleaks/wiki/Comparison-with-other-tools).

## How to use it


1. Add the corresponding URL to your `.gitlab-ci.yml` file (see [Getting
   started](/getting-started)). Example:

    ```yaml
    include:
      - remote: 'https://jobs.go2scale.io/gitleaks.yml'
    ```
2. Well done, your job is ready to work ! 😀

## Job details

* Job name: `gitleaks`
* Docker image:
[`python:3.6-stretch`](https://hub.docker.com/r/_/python)
* Default stage: `static_tests`
* When: `always`
+15 −0
Original line number Diff line number Diff line
stages:
  - static tests

# From https://github.com/pmarlow/ci_secrets/blob/master/example.gitlab-ci.yml

gitleaks:
  image: python:3.6-stretch
  before_script:
    - pip install ci_secrets
  script:
    - if [ ! -z ${CI_MERGE_REQUEST_ID	} ]; then
    -   ci_secrets --since origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --log INFO
    - else
    -   ci_secrets --since $CI_COMMIT_BEFORE_SHA --log INFO
    - fi

jobs/gitleaks/job.yml

0 → 100644
+6 −0
Original line number Diff line number Diff line
name: gitleaks
description: A secret detection job using gitleaks to alert on secrets being pushed
default_stage: static_tests
icon: 🔐
maintainer: FulcrandG
license: MIT
 No newline at end of file
+1 −0
Original line number Diff line number Diff line
* Initial version
 No newline at end of file