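---
# Secret-scanning workflow: runs gitleaks over the repository's git history on
# pushes to main and on every pull request.
name: gitleaks

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: the workflow token can only read repository contents.
permissions:
  contents: read

jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): a version tag can be moved to different code upstream;
        # pinning this action to a full commit SHA removes that trust in the
        # tag.
        uses: actions/checkout@v4
        with:
          # Full history, so secrets that were committed and later removed
          # are still found.
          fetch-depth: 0
          # The scan needs no git credentials; do not leave the workflow token
          # in the checkout's git config for later steps to read.
          persist-credentials: false

      - name: Install gitleaks
        env:
          # Quoted so the version is always handled as a string.
          GITLEAKS_VERSION: "8.21.2"
        run: |
          set -euo pipefail
          release_url="https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}"
          tarball="gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
          checksums="gitleaks_${GITLEAKS_VERSION}_checksums.txt"

          # Download to a scratch directory instead of streaming straight into
          # a root-owned tar, so the archive can be verified before extraction.
          workdir="$(mktemp -d)"
          trap 'rm -rf "${workdir}"' EXIT
          cd "${workdir}"

          # --fail turns an HTTP error into a failed step rather than handing
          # an error page to tar; --proto/--tlsv1.2 refuse a non-HTTPS or
          # legacy-TLS transfer.
          for asset in "${tarball}" "${checksums}"; do
            curl --fail --silent --show-error --location \
              --proto '=https' --tlsv1.2 \
              --output "${asset}" "${release_url}/${asset}"
          done

          # Integrity check before anything is unpacked as root.
          # NOTE(review): the checksum manifest comes from the same release as
          # the tarball, so this catches a truncated or corrupted download but
          # not a replaced release asset. Committing the expected SHA-256 to
          # this repository and comparing against it is the stronger control.
          sha256sum --check --ignore-missing "${checksums}"

          # Extract only the gitleaks binary from the archive.
          sudo tar -xzf "${tarball}" -C /usr/local/bin gitleaks
          gitleaks version

      - name: Scan repository history
        # --redact keeps matched secret values out of the job log, which
        # matters because --verbose prints every finding.
        # NOTE(review): on pull_request the config file is read from the
        # checked-out PR tree, so a PR can change its own allowlist; changes
        # to .gitleaks.toml deserve explicit review (e.g. a CODEOWNERS entry).
        run: gitleaks detect --source . --redact --verbose --no-banner --config .gitleaks.toml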