deps:chore - update zricethezav/gitleaks Docker tag to v8.1.1 #846
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v8.0.5
->v8.1.1
Release Notes
zricethezav/gitleaks
v8.1.1
Compare Source
Changelog
84e285e
ignore allgitleaks.toml
s by default928c6a6
Update pre-commit step to run gitleaks checks (#729)106897f
fix: format dates in log in a portable way (#735)v8.1.0
Compare Source
Changelog
(#734) This is the first big change since the release of v8.0.0 which I think has gone well? Anyways this release (v8.1.0) introduces the following changes:
secretGroup
to extract the actual secrets from the rules.entropyGroup
, so yes you probably will have to update your config againContext
toMatch
in reportsids
to the default config (probably should make this a required field but that can wait)More on:
Let's take the discord example in the default config:
discord_client_secret = "8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ"
The discord client secret rule, with
secretGroup
added, will extract8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ
as the secret since([a-z0-9=_\-]{32})
is regex group 3:And the resulting report finding for this example secret would look something like:
And a note on deduping/generic secrets (from the readme):
Let's continue with the example
discord_client_secret = "8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ"
.This secret would match both the
discord-client-secret
rule and thegeneric-api-key
rule in the default config.If gitleaks encountered
discord_client_secret = "8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ"
, only thediscord
rule would report a finding because the generic rule has the stringgeneric
somewhere in the rule'sid
. If a secret is encountered and both ageneric
and non-generic rule have discovered the same secret, the non-generic will be given precedence.v8.0.7
Compare Source
Changelog
089639e
bump go-gitdiff, fixes https://github.com/zricethezav/gitleaks/issues/724 (#731)v8.0.6
Compare Source
Changelog
9ae1def
Little timing hack to avoid scans prematurely finishing when git errors are present (#726)Configuration
📅 Schedule: "every weekend" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.