Update msdo-gitleaks.yml

theangrytech-git · web-flow · commit f05ad42a3e6f · 2025-03-31T16:26:47.000+01:00
Used a pinned version (v8.18.2) to make sure it works with SARIF. May look to change this to auto detect similiar to trufflehog if this works.
diff --git a/.github/workflows/msdo-gitleaks.yml b/.github/workflows/msdo-gitleaks.yml
@@ -24,9 +24,18 @@ jobs:
 
       - name: Run Gitleaks
         run: |
-          wget -q https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks-linux-amd64 -O gitleaks
+          echo "Downloading Gitleaks..."
+          curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz -o gitleaks.tar.gz
+          tar -xzf gitleaks.tar.gz gitleaks
           chmod +x gitleaks
-          ./gitleaks detect --source=. --report-format sarif --report-path=gitleaks.sarif --exit-code 0
+          ./gitleaks version
+
+          echo "🔍 Running Gitleaks scan..."
+          ./gitleaks detect \
+          --source=. \
+          --report-format sarif \
+          --report-path=gitleaks.sarif \
+          --exit-code 0
 
       - name: Upload SARIF to GitHub Code Scanning
         if: github.repository_visibility == 'public'
