Expand file tree Collapse file tree 1 file changed +7
-1
lines changed Original file line number Diff line number Diff line change @@ -79,8 +79,14 @@ gitleaks = new Config.Step {
7979 // renovate: datasource=github-tags depName=gitleaks/gitleaks
8080 local gitleaks_version = "8.30.0"
8181 // XXX scans whole folder if there are multiple files (see https://github.com/gitleaks/gitleaks/issues/1727)
82- check = "gitleaks dir -v {{files}}"
82+ // apart from unnecessary performance impact, this also causes files that are in .gitignore to be scanned
83+ // check = "gitleaks dir -v {{files}}"
84+ // workaround: run for each file individually
85+ check =
86+ "sh -c 'set -e; for file in \" $@\" ; do echo \" Scanning file $file\" ; gitleaks dir --no-banner -v \" $file\" ; done' _ {{files}}"
8387 prefix = "mise x gitleaks@\(gitleaks_version) --"
88+ // also show stdout to include info on scanned file and found secrets in the output
89+ output_summary = "combined"
8490}
8591
8692// https://github.com/trufflesecurity/trufflehog
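Review bot: In the new `check` string, `set -e` ends the loop at the first file where gitleaks exits non-zero, so when several staged files contain secrets only the first is reported and the remaining files are not scanned in that run. Collecting the status instead keeps the failing exit code and still scans every file; inside the `sh -c` script (quotes escaped as in the existing string) that would be `rc=0; for file in "$@"; do echo "Scanning file $file"; gitleaks dir --no-banner -v -- "$file" || rc=1; done; exit $rc`. The `--` (assuming gitleaks' flag parser honours it, as cobra-based CLIs normally do) keeps a path that begins with `-` from being read as an option. As rendered here each escaped quote is followed by a space (`\" $@\"`, `\" $file\"`); if that is in the file and not a page artifact, the scanned path gets a leading space and will not resolve.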