Deprecate SECRET_DETECTION_COMMIT_* options
Description
Gitleaks v8.0.0 removed all --commit* options and instead offered a more flexible --log-opts option which accepts git log options.
Commit related options
| Variable | Reason for deprecation |
|---|---|
SECRET_DETECTION_COMMIT_FROM |
Can be replaced by SECRET_DETECTION_LOG_OPTS
|
SECRET_DETECTION_COMMIT_TO |
Can be replaced by SECRET_DETECTION_LOG_OPTS
|
SECRET_DETECTION_COMMITS |
Can be replaced by SECRET_DETECTION_LOG_OPTS
|
SECRET_DETECTION_COMMITS_FILE |
Can be replaced by SECRET_DETECTION_LOG_OPTS
|
These deprecations would reduce the complexity in the analyzer as we are parsing a commits file and generating git log options from that commits file.
Other options that should be deprecated
| Variable | Reason for deprecation |
|---|---|
SECRET_DETECTION_ENTROPY_LEVEL |
Entropy only rules are not supported by gitleaks. They caused too many false positives |
Tasks
-
Update documentation -
Remove variables -
Detect if these variables are provided and print a warning