Detect and prevent hardcoded secrets in git repos
Gitleaks is an open-source CLI tool that detects secrets such as passwords, API keys and tokens in git history, in plain directories and files, and in data piped to it on stdin. Detection is rule-based: each rule pairs a regular expression with optional keywords, used to pre-filter content cheaply, and an optional entropy threshold, so a placeholder that merely has the shape of a token can be dropped while a random-looking value is reported. Each finding records the rule that fired, the file and line, the commit hash, author and date that introduced the secret, and the entropy of the match, which is what a responder needs to rotate the credential and scrub it from history. Because matching is pattern-based, a secret whose format no rule describes goes unnoticed, and a secret that has already been committed must be treated as compromised and rotated even after it is removed from the tree.
Gitleaks scans in three modes, each a subcommand in current releases: gitleaks git walks a repository's commit history (with --log-opts to pass extra arguments to git log, for example to cover every branch), gitleaks dir scans a directory or file tree without git metadata, and gitleaks stdin reads whatever is piped to it. It runs as a pre-commit hook, as a GitHub Action (gitleaks/gitleaks-action) and from the official Docker image, so the same rules apply on a developer's machine and in CI. Rules live in a TOML config that can extend the built-in rule set with custom patterns and allowlists; a baseline report makes a scan fail only on findings not already recorded, so a legacy codebase can be gated on new leaks while the backlog is worked off (the baseline hides findings, it does not make the secrets listed in it safe); and reports can be written as JSON, CSV, SARIF or JUnit for upload to code-scanning dashboards and CI test views.
Security teams, DevOps engineers and developers use it to keep exposed secrets out of their codebases, whether in a one-off audit of an existing repository, as a pre-commit check on developer machines, or as a required job in a CI/CD pipeline. Its findings are only as good as its rules, so pair the default rule set with custom rules for any in-house credential formats.
# via Homebrew
brew install gitleaks
# via Docker
docker pull zricethezav/gitleaks:latest
# via a source build (requires Go and make)
git clone https://github.com/gitleaks/gitleaks.git && cd gitleaks && make build
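Putting the install above to use: the script below is an added example written for this page, not code from the gitleaks project. It writes a .gitleaks.toml that extends the default rule set with a custom rule (the acme-internal-token rule id and the acme_<svc>_<32 chars> token shape are hypothetical, invented only to show how a rule is written), builds a throwaway git repo containing a constructed token, records a baseline, and runs the kind of scan a CI job would run. It assumes gitleaks 8.19 or later (the git/dir/stdin subcommands; earlier releases spell the same scan gitleaks detect --source <path>) and only uses flags the tool documents.

```shell
#!/usr/bin/env sh
# Added example for this page, not code from the gitleaks project.
# Assumes gitleaks >= 8.19 (git/dir/stdin subcommands); earlier releases use
#   gitleaks detect --source <path>   with the same report/baseline flags.
# The rule id "acme-internal-token" and the acme_<svc>_<32 chars> token shape
# are hypothetical and exist only to show a custom rule.

# Write a config that keeps the upstream default rules and adds one of our own.
write_gitleaks_config() {
  cat > "$1/.gitleaks.toml" <<'EOF'
title = "acme gitleaks config"

[extend]
useDefault = true

[[rules]]
id = "acme-internal-token"
description = "ACME internal service token (hypothetical format)"
regex = '''acme_[a-z]{3}_[A-Za-z0-9]{32}'''
keywords = ["acme_"]
# Shannon entropy of the match must exceed this, so a placeholder such as
# acme_svc_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA is not reported.
entropy = 3.0

# Global allowlist: test fixtures and documented placeholders are not leaks.
[allowlist]
description = "fixtures and placeholders"
paths = ['''^testdata/''']
regexes = ['''EXAMPLE_NOT_A_SECRET''']
EOF
}

# Build a throwaway repo with a constructed token committed in two places:
# one that should be reported and one under testdata/ that the allowlist drops.
make_fixture_repo() {
  mkdir -p "$1/testdata"
  token='acme_svc_Qm3xK9pZ2vL7nR4tW8yB1cD6fH0jE5gA'   # constructed, not a real credential
  printf 'TOKEN = "%s"\n' "$token" > "$1/settings.py"
  printf 'TOKEN = "%s"\n' "$token" > "$1/testdata/fixture.py"
  if command -v git >/dev/null 2>&1; then
    git -C "$1" init -q
    git -C "$1" add .
    git -C "$1" -c user.name=ci -c user.email=ci@example.com \
      commit -q -m "constructed fixture for the gitleaks demo"
  fi
}

# One-time baseline: record every current finding as JSON. --exit-code 0 keeps
# this step from failing the shell even though leaks are found.
make_baseline() {
  gitleaks git "$1" --config "$1/.gitleaks.toml" \
    --report-format json --report-path "$1/gitleaks-baseline.json" --exit-code 0
}

# CI scan: findings listed in the baseline are skipped; any new one exits 1 and
# lands in SARIF for the code-scanning UI. --redact keeps secret values out of CI logs.
ci_scan() {
  gitleaks git "$1" --config "$1/.gitleaks.toml" \
    --baseline-path "$1/gitleaks-baseline.json" \
    --report-format sarif --report-path "$1/gitleaks.sarif" \
    --redact --exit-code 1
}

demo() {
  make_fixture_repo "$1"
  write_gitleaks_config "$1"
  if ! command -v gitleaks >/dev/null 2>&1; then
    echo "gitleaks not installed; fixture and config written to $1" >&2
    return 0
  fi
  make_baseline "$1"
  # The constructed leak is now in the baseline, so this first CI scan passes;
  # commit another token and re-run ci_scan to watch it fail.
  if ci_scan "$1"; then echo "no new leaks"; else echo "new leaks: see $1/gitleaks.sarif"; fi
}

# Usage: sh gitleaks-demo.sh "$(mktemp -d)"
if [ -n "${1:-}" ]; then demo "$1"; fi
```

Two details worth keeping in mind when adapting this: the baseline step deliberately passes --exit-code 0, because the whole point of that run is to find the existing leaks, and every secret it records still has to be rotated. For suppressing a single accepted finding rather than a whole baseline, gitleaks also reads a .gitleaksignore file containing the Fingerprint values from its JSON report.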