Gitleaks Action v2 requires a paid license. We are currently pinned to the older version, which is not a great long-term solution because it's not receiving any updates. Possible solutions:
Run the Gitleaks core tool (which is open-source) as a pre-commit hook (see here and here). The only disadvantage would be that we would need to trust everyone on the team to configure this individually.
Abandon Gitleaks if we don't feel it's providing us enough extra value in addition to Trufflehog and git-secrets. I haven't yet found any useful comparisons of Gitleaks with either of these two other tools. I've contacted the Gitleaks team via this form to ask if they can provide these comparisons and a justification for using their tool over the other two.
Buy the license. At our current number of repos, with the "Pro" plan, we'd be paying (27 repos)*(8.75 USD per repo per month) = $236.25 per month. We could also limit our use to just the repos we really care about, or perhaps find some clever way to reduce the cost by mirroring all of our repos in a single monorepo and only scanning that repo?
Also see: