
gitleaks in gitlab ci


I am attempting to manually set up gitleaks in GitLab CI to scan my GitLab repo for secrets. I think I've misconfigured my job. The job passes, but outputs an unknown flag 'c' and the gitleaks help dialogue, but no actual gitleaks-based output as expected.

My `.gitlab-ci.yml` looks like:

stages:
  - security

gitleaks:
  stage: security
  image: zricethezav/gitleaks
  script:
    - gitleaks --verbose --repo-path=$PWD

Any suggestion where I might be going wrong?


Solution

  • See if this example works better

    stages:
      - leaks
      - test
    
    leaks:gitleaks:
      stage: leaks
      image: 
        name: "zricethezav/gitleaks"
        entrypoint: [""]
      script:
        - gitleaks -v --repo-path=./ --config=gitleaks.toml
    

    You can adapt the stage name, but adding an empty entrypoint and a config file might help.


    Note that with GitLab 14.7 (January 2022), there has been some major Gitleaks performance improvements.

    Building on the large rule expansion included in GitLab 14.5, we are updating our GitLab Secret Detection analyzer, Gitleaks, to the next major version 8.

    This new, major version includes massive performance updates and a complete rewrite of its core detection engine.

    Secret Detection historical scans should now run much faster, with a large reduction in memory usage.
    This means both faster detection and shorter (and more efficient) pipelines.
    This change also sets us up to make more performance improvements that will improve all non-historical Secret Detection job runs in the future.

    See Documentation and Issue.
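The reason the answer's `entrypoint: [""]` matters is the way the Docker executor launches a job container: it starts the image with its own ENTRYPOINT and hands that entrypoint a shell invocation (on the order of `sh -c '<generated script>'`; the exact command line varies by runner version), so when the image's ENTRYPOINT is the gitleaks binary itself, gitleaks, not a shell, is what receives `-c`, which is exactly the "unknown flag 'c'" in the question. The following shell script is an added illustration of that mechanism, not code from the question, the answer, or the gitleaks project. `fake_gitleaks` is a constructed stand-in that only mimics flag parsing, `run_job` is an assumed, simplified model of the runner, and the two job functions carry the question's and the answer's script lines respectively.

```shell
#!/bin/sh
# Added illustration: why a CI script line fails with "unknown flag 'c'" when
# the image ENTRYPOINT is the scanner binary, and why entrypoint: [""] fixes it.

# Constructed stand-in for the gitleaks binary. It accepts the flags used on
# the page and rejects any other flag, the way a real CLI parser would.
fake_gitleaks() {
    for arg in "$@"; do
        case "$arg" in
            -v|--verbose|--repo-path=*|--config=*) ;;                  # known flags
            -*) echo "Error: unknown flag '${arg#-}'"; return 1 ;;      # anything else
        esac
    done
    echo "scan ok: $*"
    return 0
}

# Assumed, simplified model of how the runner starts the container:
#   non-empty entrypoint -> <entrypoint> sh -c "<script>"  (binary gets "-c")
#   empty entrypoint     -> a shell interprets "<script>" directly
run_job() {
    entrypoint="$1"
    script="$2"
    if [ -n "$entrypoint" ]; then
        "$entrypoint" sh -c "$script"
    else
        eval "$script"
    fi
}

# The question's job: image entrypoint left at the binary.
misconfigured_job() {
    run_job fake_gitleaks 'fake_gitleaks --verbose --repo-path=$PWD'
}

# The answer's job: entrypoint cleared, so the script line reaches a shell.
fixed_job() {
    run_job "" 'fake_gitleaks -v --repo-path=./ --config=gitleaks.toml'
}

misconfigured_job || echo "(job script never ran: the binary parsed the runner's -c)"
fixed_job
```

Running the script prints the question's error for the first job and a successful (stand-in) scan line for the second. The same check applies to any scanner image used as a CI `image:`: if the Dockerfile sets ENTRYPOINT to the tool, either clear it with `entrypoint: [""]` as the answer does or expect the tool to see the runner's shell arguments instead of your `script:` lines.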