Introduce gitleaks to the codebase
- `bin/setup` installs gitleaks - add `gitleaks dir` command to CI - configure gitleaks to ignore tmp, log, and encrypted files - tag existing false positives with `gitleaks:allow` - add historical false positives to the ignore list
This commit is contained in:
Executable
+14
@@ -0,0 +1,14 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
if ! which gitleaks > /dev/null 2>&1 ; then
|
||||
echo "gitleaks is not installed, please install it first" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir -p tmp
|
||||
if ! gitleaks dir --redact=50 --report-path tmp/gitleaks-report.json ; then
|
||||
echo "gitleaks found potential secrets, please check tmp/gitleaks-report.json" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
exit 0
|
||||
@@ -59,7 +59,7 @@ step "Installing Ruby" mise install --yes
|
||||
eval "$(mise hook-env)"
|
||||
|
||||
if which pacman >/dev/null 2>&1; then
|
||||
packages=(imagemagick mariadb-libs openslide libvips)
|
||||
packages=(imagemagick mariadb-libs openslide libvips gitleaks)
|
||||
if ! pacman -Q "${packages[@]}" >/dev/null 2>&1; then
|
||||
step "Installing packages" sudo pacman -S --noconfirm --needed "${packages[@]}"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user