@@ -319,27 +319,33 @@ Check your repositories for unwanted files
319319With `Gitleaks <https://github.com/gitleaks/gitleaks >`_ you can regularly check
320320your repositories for unintentionally saved access data.
321321
322- You can also run Gitleaks automatically as a GitLab action. To do this, you need
323- to include the `Secret-Detection.gitlab-ci.yml
324- <https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml> `_
325- template, for example, in a stage called ``secrets-detection `` in your
326- :file: `.gitlab-ci.yml ` file:
322+ You can use Gitleaks with the :doc: `advanced/hooks/pre-commit ` by entering the
323+ following in the :file: `.pre-commit-config.yaml ` file:
327324
328325.. code-block :: yaml
329326
330- include :
331- - template : Security/Secret-Detection.gitlab-ci.yml
327+ repos :
328+ - repo : https://github.com/gitleaks/gitleaks
329+ rev : v8.21.1
330+ hooks :
331+ - id : gitleaks
332332
333-
334- the source code of your project for secrets. The results are saved as a `Secret
335- Detection Report Artifact
336- <https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssecret_detection> `_
337- that you can download and analyse later.
333+ note ::
334+ To deactivate the Gitleaks hook, you can prefix it with ``SKIP=Gitleaks `` so
335+ that Gitleaks is not executed:
338336
339- .. seealso ::
337+ .. code-block :: console
338+
339+ $ SKIP=gitleaks git commit -m "Add secret"
340+ Detect hardcoded secrets................................................Skipped
341+
342+ gitleaks:allow `` comment to a line,
343+ for example:
344+
345+ .. code-block :: Python
340346
341- * ` GitLab Secret Detection
342- <https://docs.gitlab.com/ee/user/application_security/secret_detection/> `_
347+ class MyClass :
348+ client_secret = " Srtub6pZcTSET9V4vUpUg7xPi64sh3NV " # gitleaks:allow
343349
344350:ref: `git-filter-repo <git-filter-repo >` you can remove unwanted files from
345351your Git history.
0 commit comments