Doesn't work in mirrorred repositories

Question

Doesn't work in mirrorred repositories

Opened this issue 3 years ago · 4 comments

When trying to scan a git repository checked out using git clone --mirror, detect-secrets fails with an error:

fatal: this operation must be run in a work tree

To duplicate, try the following:

git clone --mirror https://github.com/Yelp/detect-secrets.git
cd detect-secrets.git/
detect-secrets scan

Answer 1 · 2022-06-27T15:49:59.000Z

@nightwatchcyber Hello. Can you post some information regarding your environment setup? OS, detect-secrets version for example? I tried this on a Linux system and it seemed to work fine. V1.2.0 of detect-secrets

Answer 2 · 2022-07-04T01:53:12.000Z

Running v1.2.0 on MacOS 12.4

Answer 3 · 2024-05-16T17:32:06.000Z

Hi @nightwatchcyber, is this issue still a concern?

Answer 4 · 2024-05-17T02:04:29.000Z

It's still a problem, just tried with detect-secrets v1.5.0 on MacOS 14.4.1:

The mirrored repository finds nothing:

git clone --mirror https://github.com/Yelp/detect-secrets.git
cd detect-secrets.git/
detect-secrets scan

Regular one finds secrets:

git clone https://github.com/Yelp/detect-secrets.git
cd detect-secrets.git/
detect-secrets scan