Gitleaks --no-git don't work anymore

[snaquekiller]

Describe the bug
Hello, when i try to pass --not-git for gitleaks argument, it's never work as long as it's git repos.

To Reproduce
Steps to reproduce the behavior:

1. Add "--no-git" to REPOSITORY_GITLEAKS_ARGUMENTS
2. run megalinter in git repository
3. it's will scan the whole repo with all git commit

Expected behavior
Should not read commit.

Additional context
I suppose that the problem commit is : 7ff24de#diff-a99fcd6a981aa3d1d5a58aced014f97230d5e2f948e99cdc3f068330e3cca579

[nvuillam]

@DariuszPorowski please could you have a look ? :)

[VictorRos]

Hello!
I'm working with Nicolas.
He's currently in vacations, but I can follow up this issue if you have questions.
Since condition has changed, option --no-git is always removed.

[riccardos77]

Hello, same problem here.
Please can you tell me if there is a parameter configuration that allows to analyze only the current files and not the Git history like --no-git argument?

thanks

[nvuillam]

@VictorRos @DariuszPorowski any chance you can have a look at this regression to allow --no-git to be used again? :)

[DariuszPorowski]

@nvuillam I am on vacation now. Going back in 3 weeks.

[nvuillam]

@DariuszPorowski no problem, enjoy your vacations :)

At worse i'll add a workaround with an env var :)

[riccardos77]

hello, any update for this issue? thanks

[Kurt-von-Laven]

This is not a well thought out idea, but I wonder if there is a way to work around this by passing something clever to Gitleaks using --log-opts.

[finnlander]

Additional context I suppose that the problem commit is : 7ff24de#diff-a99fcd6a981aa3d1d5a58aced014f97230d5e2f948e99cdc3f068330e3cca579

I think the changed line 72 is the culprit here:

• previously there was "else if"-condition (i.e. if --no-git was not in the custom parameters, but is in the cmd, added by ML)
• now there is simply "if"-condition, separated from the custom parameters check (if --no-git is included by any reason -> ignore it)

I've been "struggling" with the same issue here as in my case:

• Gitleaks execution for the entire repository takes about 600 seconds (i.e. way too long for reasonable fast feedback loops)
• It seems that REPOSITORY_GITLEAKS_PR_COMMITS_SCAN is not working when using push event trigger in GitHub (the code assumes use of pull-request trigger and of course the parameter name suggest it too) -> I want to trigger the MegaLinter a bit quicker/earlier, hence using push events.
• And using --no-git does not work currently as the value is omitted.

Any ideas on how to work around the issue or a bugfix release would be much appreciated 😄 .

[nvuillam]

@DariuszPorowski will you find the time to solve the issue, or is it faster if someone else investigates it ? :)

[DariuszPorowski]

@nvuillam unfortunately in the upcoming period I cannot handle this due to personal/work stuff. Probably closer to the EOY I can jump back to some open-source contribution.

[VictorRos]

Hi!
I took time to contribute on MegaLinter to try fixing the problem.
PR is opened.
Wait and see!

[nvuillam]

Fixed :)

@VictorRos If you can confirm with beta version, it's nice ^^

[snaquekiller]

that seem work on one of my repository i test . If other people can confirm that ok :)

[nvuillam]

@snaquekiller thanks for your feedback :)

[VictorRos]

@nvuillam I confirmed, @snaquekiller tested it for me 😄

We had a use case this morning where a developer had a problem with MegaLinter 7.2.1 and we didn't get the problem with MegaLinter beta.

We are waiting for next release to upgrade to next version all our repositories.

[nvuillam]

@VictorRos thanks for the feedback :)

The next release should happen this week-end :)