gitleaks v8.16.1 releases: Searches full repo history for secrets and keys

gitleaks – Check git repos for secrets and keys

Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories.

As part of its core functionality, it provides;

• Github support includes support for the bulk organization and repository owner (user) repository scans, as well as pull request scanning for use in common CI workflows.
• Support for private repository scans, and repositories that require key-based authentication
• Output in CSV and JSON formats for consumption in other reporting tools and frameworks
• Externalised configuration for environment-specific customization including regex rules
• Customizable repository name, file type, commit ID, branchname, and regex whitelisting to reduce false positives
• High performance through the use of src-d’s go-git framework

It has been successfully used in a number of different scenarios, including;

• Adhoc scans of local and remote repositories by filesystem path or clone URL
• Automated scans of github users and organizations (both public and enterprise platforms)
• As part of a CICD workflow to identify secrets before they make it deeper into your codebase
• As part of a wider secret auditing automation capability for git data in large environments

Changelog v8.16.1

• 1fb3a77 Update gitleaks.toml (#1116)
• 11c2ad0 Add gradle.lockfile to allowlist (#1112)
• e55d397 Update pre-commit rev tag in README (#1108)
• 2dd9946 Add pnpm-lock.yaml and Database.refactorlo (#1109)

Download

Tutorial