Audit PRs on github before you hit that merge button
What is?
Gitleaks is great for doing thorough audits on repos, organizations, and/or users, but not so great for hooking into CI pipelines. Gitleaks-CI is 50 lines of bash that checks your PRs for secrets you probably shouldn't be committing: it runs a simple regex check against each line of your PR diff. Fork this project if you want to add or remove regexes.
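The per-line regex check described above, as an added example that is not the gitleaks-ci script itself: scan_diff, the secret patterns and the sample diff are all constructed here, and only added ("+") lines are scanned so that removing a secret does not fail the build.

```shell
#!/bin/sh
# Added example, not the gitleaks-ci script itself: the core "regex check per
# added diff line" idea, with constructed patterns and a constructed sample diff.

# A few secret shapes joined as one extended regex (extend or prune to taste):
#   AWS access key id, PEM private-key header, api_key/secret_token assignments.
SECRET_PATTERNS="AKIA[0-9A-Z]{16}|-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----|(api|secret)[_-]?(key|token)[[:space:]]*[:=][[:space:]]*[\"']?[A-Za-z0-9/+_-]{16,}"

# scan_diff: reads a unified diff on stdin, prints file:line:content for every
# added line matching SECRET_PATTERNS, and returns 1 if anything was found.
# Only "+" lines are scanned: removing a secret must not fail the build.
scan_diff() {
  file="" line=0 leaks=0
  while IFS= read -r raw; do
    case "$raw" in
      "+++ "*) file="${raw#+++ }"; file="${file#b/}" ;;            # new-file header
      "@@"*)   line="${raw#*+}"; line="${line%%[, ]*}"             # "+c,d" -> c
               line=$((line - 1)) ;;
      '\'*)    ;;                                    # "\ No newline at end of file"
      +*)      line=$((line + 1))
               if printf '%s\n' "${raw#+}" | grep -qE "$SECRET_PATTERNS"; then
                 printf '%s:%s:%s\n' "$file" "$line" "${raw#+}"
                 leaks=$((leaks + 1))
               fi ;;
      -*)      ;;                                                  # removed line
      *)       line=$((line + 1)) ;;                               # context line
    esac
  done
  [ "$leaks" -eq 0 ]
}

# Constructed sample PR diff; in CI you would pipe `git diff base...HEAD` instead.
SAMPLE_DIFF='diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,4 @@
 import os
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+api_key = "abcdefghij1234567890"
 DEBUG = False'

if printf '%s\n' "$SAMPLE_DIFF" | scan_diff; then
  echo "no secrets found in diff"
else
  echo "possible secrets found; a CI step would exit 1 here"
fi
```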
Alternatives?
Review the PR like a good human.
How to?
Gitleaks-CI is a single line of code placed in whatever CI service you or your organization uses.
bash <(curl -s https://raw.githubusercontent.com/zricethezav/gitleaks-ci/master/gitleaks.sh)
You should fork this repo and run a gitleaks.sh script you own and have reviewed, rather than trusting mine.
PR logs
Sample PR with a leak here
CircleCI
Travis
Accessing Private Repos
Gitleaks-CI requires the owner's credentials to access private repos.
Travis
If you are using Travis, read this to add the GITHUB_USERNAME and GITHUB_API_TOKEN environment variables.
CircleCI
TODO
Jenkins
TODO
If you find leaks in your PR
Please read the GitHub article on removing sensitive data from a repository to remove the sensitive information from your history.