
Gitleaks

Detect hardcoded secrets in Git repos

Description

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets such as passwords, API keys, and tokens in Git repos. It scans the full commit history, not just the working tree, so a secret that was committed and later deleted is still reported. It is fast and integrates easily into CI/CD pipelines and pre-commit hooks.

Installation

BASH
# Homebrew
brew install gitleaks

# Go
go install github.com/gitleaks/gitleaks/v8@latest

Basic Usage

BASH
# Scan a repo (walks the whole git history of the directory given with -s)
gitleaks detect -s /path/to/repo

# Scan content piped on stdin instead of a repo
gitleaks detect --pipe

Advanced Usage

BASH
# Write findings as a JSON report (-f selects the format, -r the output path).
# The exit status is 1 when leaks are found, so a CI job fails by default.
gitleaks detect -s /path/to/repo -f json -r results.json

# Verbose: print each finding (including the matched secret) to the terminal
gitleaks detect -s /path/to/repo -v

# Custom config: add your own rules and allowlists on top of the defaults
gitleaks detect -s /path/to/repo -c custom-config.toml
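The following is an added example of a custom config for the `-c` flag; it is not a config shipped by the Gitleaks project. The rule id, the `acme_` token format, and the allowlisted paths are hypothetical and stand in for whatever internal secret format and test fixtures your own repo has. `useDefault = true` keeps the built-in rule set and layers the custom rule on top of it.

```toml
# custom-config.toml (hypothetical): extend the default rules with one
# organisation-specific token format and ignore known test fixtures.
title = "custom gitleaks config"

[extend]
# Keep all of the built-in rules; the rule below is added to them.
useDefault = true

[[rules]]
id = "acme-internal-token"
description = "ACME internal service token (hypothetical format)"
# Single-quoted TOML string: backslashes are taken literally by the regex engine.
regex = '''acme_[a-z]{2}_[0-9a-f]{32}'''
# Gitleaks only runs the regex on lines that contain a keyword, which keeps scans fast.
keywords = ["acme_"]
# Drop low-entropy matches such as acme_xx_000000...; real tokens are random hex.
entropy = 3.0
tags = ["acme", "token"]

[allowlist]
description = "Test fixtures and documented placeholders"
paths = ['''tests/fixtures/.*''']
regexes = ['''EXAMPLE_KEY_DO_NOT_USE''']
```

Prefer path and regex allowlists that are as narrow as possible: an allowlist entry that matches a whole directory silently hides any real secret later committed under it.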
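The JSON report produced by `-f json -r results.json` is what a CI job usually post-processes. The script below is an added example, not part of Gitleaks, that reads such a report, sets aside findings that are already accepted (by fingerprint, as you would keep in a baseline, or by path prefix), prints the rest with the secret redacted so the build log does not become a second leak, and exits non-zero when anything actionable remains. The embedded report is constructed to match the v8 report fields; the commit hashes, file names and the second key are made up, and the AWS key is the placeholder value from AWS's own documentation.

```python
"""Triage a Gitleaks JSON report (output of: gitleaks detect -f json -r results.json)."""
import json
import sys
from collections import Counter

# Constructed sample of a gitleaks v8 JSON report (two findings). The values
# are made up; field names follow the report schema (RuleID, Fingerprint, ...).
SAMPLE_REPORT = json.dumps([
    {
        "Description": "AWS Access Key",
        "StartLine": 12, "EndLine": 12, "StartColumn": 18, "EndColumn": 37,
        "Match": "AKIAIOSFODNN7EXAMPLE",
        "Secret": "AKIAIOSFODNN7EXAMPLE",
        "File": "config/settings.py",
        "Commit": "3f1a2b4c5d6e7f8091a2b3c4d5e6f70811223344",
        "Entropy": 3.68,
        "Author": "dev", "Email": "dev@example.com",
        "Date": "2024-01-10T09:15:00Z", "Message": "add settings",
        "Tags": [], "RuleID": "aws-access-token",
        "Fingerprint": "3f1a2b4c5d6e7f8091a2b3c4d5e6f70811223344:config/settings.py:aws-access-token:12",
    },
    {
        "Description": "Generic API Key",
        "StartLine": 3, "EndLine": 3, "StartColumn": 9, "EndColumn": 41,
        "Match": "api_key = \"fk_test_0123456789abcdef0123456789abcdef\"",
        "Secret": "fk_test_0123456789abcdef0123456789abcdef",
        "File": "tests/fixtures/fake_keys.txt",
        "Commit": "9a8b7c6d5e4f30211a2b3c4d5e6f708192a3b4c5",
        "Entropy": 3.41,
        "Author": "dev", "Email": "dev@example.com",
        "Date": "2024-01-11T14:02:00Z", "Message": "add test data",
        "Tags": [], "RuleID": "generic-api-key",
        "Fingerprint": "9a8b7c6d5e4f30211a2b3c4d5e6f708192a3b4c5:tests/fixtures/fake_keys.txt:generic-api-key:3",
    },
])


def redact(secret, keep=4):
    """Keep only the first `keep` characters so the CI log does not re-leak the secret."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return secret[:keep] + "*" * (len(secret) - keep)


def triage(report_json, ignored_fingerprints=(), ignored_path_prefixes=("tests/fixtures/",)):
    """Split a report into (actionable, ignored) findings.

    A finding is ignored when its Fingerprint was accepted earlier (a baseline)
    or its File sits under an ignored prefix. An empty report means no findings.
    """
    findings = json.loads(report_json) if report_json.strip() else []
    ignored_fingerprints = set(ignored_fingerprints)
    ignored_path_prefixes = tuple(ignored_path_prefixes)
    actionable, ignored = [], []
    for finding in findings:
        if (finding["Fingerprint"] in ignored_fingerprints
                or finding["File"].startswith(ignored_path_prefixes)):
            ignored.append(finding)
        else:
            actionable.append(finding)
    return actionable, ignored


def summarize(findings):
    """Count findings per rule id, e.g. {'aws-access-token': 1}."""
    return dict(Counter(f["RuleID"] for f in findings))


def main(argv):
    # Usage: python triage.py results.json  (falls back to the embedded sample)
    report = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    actionable, ignored = triage(report)
    for f in actionable:
        print(f"{f['RuleID']}: {f['File']}:{f['StartLine']} "
              f"(commit {f['Commit'][:8]}) secret={redact(f['Secret'])}")
    print(f"{len(actionable)} actionable, {len(ignored)} ignored: {summarize(actionable)}")
    return 1 if actionable else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run gitleaks with `--exit-code 0` when you want this script, rather than gitleaks itself, to decide whether the job fails; otherwise gitleaks exits 1 before the report is post-processed. Ignoring a fingerprint accepts one specific occurrence (commit, file, rule, line), which is much safer than allowlisting a path in the config.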