Replace ripsecrets with gitleaks (!104303) · Merge requests · GitLab.org / GitLab

Dmitry Gruzd requested to merge replace-ripsecrets-with-gitleaks into master Nov 16, 2022

What does this MR do and why?

This MR replaces ripsecrets, which was introduced in !103705 (merged), with gitleaks. Switching to gitleaks has been suggested in the original MR.

Originally it was a pre-push hook, but gitleaks is designed to work with staged files. So we've changed this git hook to a pre-commit one.

Screenshots or screen recordings

How to set up and validate locally

Enable Lefthook (lefthook install)
Install gitleaks
Switch to this branch (replace-ripsecrets-with-gitleaks)

Add a file that looks like it contains a secret key

echo "aws_secret: gW2Xs75Q2uHc9FhUCZSEV" > random_file.yml

Stage this new file and try to create a commit

git add random_file.yml && git commit -m "Testing gitleaks"

It should fail and print a message similar to the one in the screenshots section

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 16, 2022 by Dmitry Gruzd

Replace ripsecrets with gitleaks

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports