Bump Gitleaks to 8.20.1

Katrin Leinweber requested to merge 495414-bump-gitleaks-release into master

What does this MR do and why?

Resolves mostly Bump gitleaks version and update lefthook.yml (#495414 - closed) and removes the related, but apparently unused {files} filter from our Lefthook configuration.

Somewhat breaking change here :-/

As gitleaks git --pre-commit --staged is a new command here that replaces gitleaks detect, Lefthook will fail for users who've not asdf installed after pulling this change.

Normally, gdk update does that automatically, so we're merely risking an inconvenience here.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Local test to confirm PAT detection:

$ echo "glpat-abcdefghij0123456789" > README.md ; git commit --all
╭───────────────────────────────────────╮
│ 🥊 lefthook v1.7.15  hook: pre-commit │
… secrets-detection ❯
… Finding:     REDACTED
… Fingerprint: README.md:gitlab-pat:119
… WRN leaks found: 1

How to set up and validate locally

  1. Checkout this branch
  2. asdf install
  3. Run a local test like the one above.
Edited by Katrin Leinweber
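
The failure mode described above (a hook calling the new subcommand against an older gitleaks binary) can be turned into an explicit message with a version guard. This is an added example, not part of the merge request or the project's Lefthook configuration; the helper names and the use of 8.20.1 as the cut-over version are assumptions.

```shell
#!/bin/sh
# Added example: pick the gitleaks invocation by installed version so that a
# stale binary produces a clear hint instead of an "unknown command" failure.
# MIN_VERSION is the release this MR pins; treating it as the cut-over point
# for the new subcommand is an assumption of this sketch.
MIN_VERSION="8.20.1"

# field VERSION N: print the Nth dotted numeric field, padding missing fields
# with 0 and dropping any non-numeric suffix (hypothetical helper).
field() {
  printf '%s\n' "$1.0.0" | cut -d. -f"$2" | sed 's/[^0-9].*//'
}

# version_ge A B: succeed when version A >= version B, compared numerically
# field by field (so 8.9.0 sorts below 8.20.1). A leading "v" is ignored.
version_ge() {
  for i in 1 2 3; do
    x=$(field "${1#v}" "$i"); y=$(field "${2#v}" "$i")
    x=${x:-0}; y=${y:-0}
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
  done
  return 0
}

# hook_command VERSION: print the scan command for a pre-commit hook, or
# return 1 with a remediation hint on stderr when the binary is too old.
hook_command() {
  if version_ge "$1" "$MIN_VERSION"; then
    echo "gitleaks git --pre-commit --staged"
  else
    echo "gitleaks $1 is older than $MIN_VERSION; run 'asdf install'" >&2
    return 1
  fi
}

# Usage inside a hook script:
#   cmd=$(hook_command "$(gitleaks version)") && $cmd
```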
