Scan your repositories looking for hardcoded credentials (passwords, tokens). All leaks are collected and exported as a .csv file.
- Scan all repositories of a given organization:
  go run . -organization=<organization-name>
- Scan a single repository:
  go run . -repository-url=<repository-ssh-url>
If you need custom regular expressions to detect secrets, edit the configuration file to add or remove rules. You can find more examples of how rules are composed in the GitLeaks configuration docs.
To allow the tool to read your repository information, you must set a GitHub token in the .env file. To scan the repos, the application clones each repository in memory, so you will need to configure an SSH key that allows cloning your repository. By default this key must be located at $HOME/.ssh/id_rsa. Learn more about how to configure SSH access here.
This project uses go-github to get repository information and GitLeaks as a library to perform the scan. It doesn't execute any command in your terminal; the scanning is done through the library's public methods.
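The rule-driven scan and CSV export described above, as an added stand-alone Go sketch that is not the project's code and does not call the GitLeaks or go-github API (the rules, the sample input and the Redact helper are hypothetical; matches are redacted so the report is not a second copy of the secret):

```go
package main

import (
	"bytes"
	"encoding/csv"
	"regexp"
	"strconv"
	"strings"
)

// Rule is the minimal shape of a GitLeaks-style rule: an id plus a regex.
type Rule struct {
	ID    string
	Regex *regexp.Regexp
}

// SampleRules and SampleInput are constructed for this example (hypothetical
// patterns and a fake config file), not the project's rules or real data.
var SampleRules = []Rule{
	{"generic-password", regexp.MustCompile(`(?i)password\s*[:=]\s*["']?[^\s"']{6,}`)},
	{"github-pat", regexp.MustCompile(`ghp_[A-Za-z0-9]{36}`)},
}
const SampleInput = "db_host=localhost\npassword = \"hunter2hunter\"\ntoken: ghp_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n"

// Redact keeps only the first and last four characters of a match.
func Redact(s string) string {
	if len(s) <= 8 {
		return "****"
	}
	return s[:4] + strings.Repeat("*", len(s)-8) + s[len(s)-4:]
}

// ScanContent runs every rule over each line of one file and returns one
// report row per match: rule id, file, 1-based line number, redacted match.
func ScanContent(rules []Rule, file, content string) [][]string {
	var rows [][]string
	for n, line := range strings.Split(content, "\n") {
		for _, r := range rules {
			for _, m := range r.Regex.FindAllString(line, -1) {
				rows = append(rows, []string{r.ID, file, strconv.Itoa(n + 1), Redact(m)})
			}
		}
	}
	return rows
}

// ToCSV renders the rows under a header row, the way the tool exports leaks.
func ToCSV(rows [][]string) (string, error) {
	var buf bytes.Buffer
	if err := csv.NewWriter(&buf).WriteAll(append([][]string{{"rule", "file", "line", "match"}}, rows...)); err != nil {
		return "", err
	}
	return buf.String(), nil
}
```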
- Scan single repository
- Centralize authentication strategy
- Flexible report output (support for .json as well)
- Execute inside Docker