Scan only PR commits for Gitleaks instead of whole codebase #2504
Conversation
For the
So we'll need to go to it a way or another.
@echoix that's the reason I put the note in the 1st line
Yeah, Poetry is great!
@nvuillam +/- this PR is ready, minor cleanup, and changes left, but have Q around
@DariuszPorowski it looks great, i'll check that tomorrow, thanks for the PR:)
@nvuillam no rush, take your time. Tomorrow I am off so will continue on Thursday.
quick build TEST_KEYWORDS=repository_gitleaks
@nvuillam just following up :)
@DariuszPorowski you have many failing test cases ^^
@nvuillam actually follow up was on this question not on the code hehe ;)
@DariuszPorowski if it breaks existing config of ML using gitleaks and VALIDATE_ALL_CODEBASE=false , i'd prefer to stay deactivated by default, to avoid a breaking change like u said ^^
quick build TEST_KEYWORDS=repository_gitleaks
@nvuillam I'm sorry it took so long but the last month has been hectic at work. PR ready for review :)
@DariuszPorowski same here, I understand 🤣 Your PR looks great but I have some doubts about the documentation... it seems you directly updated the generated markdown file https://github.com/oxsecurity/megalinter/blob/cff15a01ef2d29d904b97b268df8b54225429b4a/docs/descriptors/repository_gitleaks.md , so the next time the doc is rebuilt, it will be overwritten. If you want "free text" doc to be added, you need to update the linter_description property in the YML descriptor file :) You can verify that by yourself using
@DariuszPorowski Same remark about custom variables: if you add them in the descriptor, they will be automatically added to the doc & json schema ^^
@nvuillam Oh gosh, the last changes to the main were painful to integrate with this PR :D hope now is good, docs generated automatically
@DariuszPorowski i can assure you they were even harder to implement 😅 But it's for the greater good: with the next version you'll just have to trust MegaLinter core code with your env variables (including secrets defined in CI/CD), no need anymore to trust the dozens of embedded linters 😎
@DariuszPorowski plz can u merge main in your branch ? :)
Sure, will do over the weekend
I did it :)
@DariuszPorowski thanks for this great PR :)
Fixes #2487

Proposed Changes

- The --redact flag for gitleaks should be the default, to prevent exposing detected secrets to logs
- CI env use case, based on discussion: AzureCommentReporter vars reflect official Azure DevOps naming #2510 (comment)
- https://github.com/zricethezav/gitleaks -> https://github.com/gitleaks/gitleaks

Readiness Checklist

Author/Contributor

Reviewing Maintainer

- Label as breaking if this is a large fundamental change
- Label as automation, bug, documentation, enhancement, infrastructure, or performance