Commit 0b2c51ef authored by Bertrand Goareguer's avatar Bertrand Goareguer Committed by Pierre SMEYERS

fix: force clone full commits history in gitleaks complete analysis

parent 913eb40c
+2 −1
@@ -27,4 +27,5 @@ They use the following configuration.
| `GITLEAKS_IMAGE`      | The Docker image used to run Gitleaks  | `zricethezav/gitleaks:latest` |
| `GITLEAKS_RULES`      | Gitleaks [configuration rules](https://github.com/zricethezav/gitleaks/wiki/Configuration) to use (you may also provide your own `.gitleaks.toml` configuration file in your project) | _none_ (uses default rules) |
| `GITLEAKS_ARGS`       | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a full Gitleaks analysis (on master or develop branches) | `--verbose` |
| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose --depth=10` _(audit on the current branch with a depth of 10)_ |
| `GITLEAKS_QUICK_ARGS` | [Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches) | `--verbose` _(audit on the current branch)_ |
| `GITLEAKS_QUICK_DEPTH` | Number of commits to scan (on feature branches) | `10` | 
+8 −1
@@ -23,7 +23,14 @@
    {
      "name": "GITLEAKS_QUICK_ARGS",
      "description": "[Options](https://github.com/zricethezav/gitleaks/wiki/Options) for a quick Gitleaks analysis (on feature branches)",
      "default": "--verbose --depth=10",
      "default": "--verbose",
      "advanced": true
    },
    {
      "name": "GITLEAKS_QUICK_DEPTH",
      "description": "Number of commits to scan (on feature branches)",
      "type": "number",
      "default": "10",
      "advanced": true
    }
  ]
+7 −2
@@ -17,7 +17,8 @@ variables:
  # Default Docker image (can be overriden)
  GITLEAKS_IMAGE: "zricethezav/gitleaks:latest"
  GITLEAKS_ARGS: "--verbose"
  GITLEAKS_QUICK_ARGS: "--verbose --depth=10"
  GITLEAKS_QUICK_DEPTH: "10"
  GITLEAKS_QUICK_ARGS: "--verbose"
  # default production ref name (pattern)
  PROD_REF: '/^master$/'
  # default integration ref name (pattern)
@@ -200,6 +201,8 @@ gitleaks:
    - name: "$CI_REGISTRY/orange-opensource/tbc/tools/tracking:master"
      command: ["--service", "gitleaks", "1.1.0"]
  stage: test
  variables:
    GIT_DEPTH: 0
  before_script:
    - *gitleaks-scripts
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
@@ -222,8 +225,10 @@ gitleaks:
# quick analysis on dev branches
gitleaks-quick:
  extends: gitleaks
  variables:
    GIT_DEPTH: "${GITLEAKS_QUICK_DEPTH}"
  script:
    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json $GITLEAKS_QUICK_ARGS
    - gitleaks ${TRACE+--debug} --path=. $gitleaks_rule_opts --report=./gitleaks/gitleaks-report.json --depth=${GITLEAKS_QUICK_DEPTH} $GITLEAKS_QUICK_ARGS
  rules:
    # exclude merge requests
    - if: $CI_MERGE_REQUEST_ID
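Review bot: In `gitleaks-quick`, `GIT_DEPTH: "${GITLEAKS_QUICK_DEPTH}"` and `--depth=${GITLEAKS_QUICK_DEPTH}` now tie the clone depth and the scan depth to one variable, but a project that already overrides `GITLEAKS_QUICK_ARGS` with its own `--depth=N` still passes that flag after the template's while the clone stays at the default of 10 commits. With N above 10 the job would presumably scan fewer commits than the project asked for and not report it, a silent loss of coverage for a secret scanner. I would document the coupling next to the variable in the first hunk, e.g. `# GITLEAKS_QUICK_DEPTH sets both the git clone depth and gitleaks --depth; do not pass --depth in GITLEAKS_QUICK_ARGS`. As a smaller style point, `GIT_DEPTH: 0` in the `gitleaks` job is an unquoted integer while the other variable values in these hunks are quoted strings; `GIT_DEPTH: "0"` would match. Both job definitions continue outside the hunks shown.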