gitleaks is not installed by GDK setup on Linux, and the pre-commit hook passes even when it's not installed
Overview
On Linux, gitleaks is not installed by the GDK setup because brew isn't available. When running git commit a warning is shown for "gitleaks is not installed", but in the summary section, secrets-detection is marked with a green checkbox, and the pre-commit hook passes:
 |
This is easy to miss and can (and did) cause someone to accidentally commit and push up an API key, and the pre-commit hook does not stop it from happening. We should do 2 things:
- If possible, modify the GDK setup so that it installs
gitleakson Linux. - Fail the pre-commit hook if
gitleaksis not installed.
Impacted categories
The following categories relate to this issue:
-
gdk-reliability - e.g. When a GDK action fails to complete. -
gdk-usability - e.g. Improvements or suggestions around how the GDK functions. -
gdk-performance - e.g. When a GDK action is slow or times out.
Steps to replicate (optional)
Proposal (optional)
Environment (optional)
- Operating system name:
Linux Ubuntu 5.19.0-41-generic #42~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 18 17:40:00 UTC 2 x86_64 x86_64 x86_64 GNU/Linux - Architecture:
x86_64 - The contents of your
gdk.yml(if any) - Ruby version:
ruby 3.0.5p211 (2022-11-24 revision ba5cf0f7c5) [x86_64-linux] - GDK version:
432eb4f1
Edited by Daniel Tian