Run GitLeaks action
This action provides a simple way to run GitLeaks in your CI/CD pipeline. It can be run on Linux (`ubuntu-latest`), macOS (`macos-latest`), or Windows (`windows-latest`).
In addition, it supports GitLeaks v8.x (and v7.x), and uses the GitHub caching mechanism to speed up your workflow execution time!
```yaml
jobs:
  gitleaks:
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
        with: {fetch-depth: 0}
      - uses: gacts/gitleaks@v1
        id: gitleaks
        #with:
        #  version: latest
        #  config-path: .github/.gitleaks.toml
        #  path: any/directory/path
      #- if: ${{ always() }} # disabling reason - https://github.com/zricethezav/gitleaks/issues/782
      #  uses: github/codeql-action/upload-sarif@v2
      #  with:
      #    sarif_file: ${{ steps.gitleaks.outputs.sarif }}
```
Note: You must run `actions/checkout` with `fetch-depth: 0` before the `gacts/gitleaks` step!
The following inputs can be used as `step.with` keys:
Name | Type | Default | Required | Description |
---|---|---|---|---|
`version` | `string` | `latest` | yes | GitLeaks version (`latest` or in `1.2.3` format) |
`config-path` | `string` | built-in | no | Path to the config file |
`path` | `string` | current working directory | no | Path to source |
`run` | `boolean` | `true` | no | Set it to `true` to run GitLeaks, or `false` if you don't want it to run |
`fail-on-error` | `boolean` | `true` | no | Set it to `false` to exit without an error when the GitLeaks run fails |
`github-token` | `string` | `${{ github.token }}` | no | GitHub auth token |
In subsequent steps you will be able to use the following variables:
Description | How to use in your workflow | Example |
---|---|---|
Path to the GitLeaks binary file | `${{ steps.gitleaks.outputs.gitleaks-bin }}` | `/tmp/gitleaks-8.7.1/gitleaks` |
Path to the report in SARIF format | `${{ steps.gitleaks.outputs.sarif }}` | `/tmp/gitleaks.sarif` |
GitLeaks exit code (will be set only if `inputs.run` is `true`) | `${{ steps.gitleaks.outputs.exit-code }}` | `1` |
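
A later step can read the report at `${{ steps.gitleaks.outputs.sarif }}` and surface each finding as a GitHub Actions error annotation. The script below is an added example, not part of this action: the function names and sample report are constructed, and it assumes the report follows the standard SARIF 2.1.0 layout (`runs[].results[]` with `ruleId` and `locations`).

```python
"""Added example: turn a SARIF report into GitHub Actions ::error annotations."""
import json
import sys

# Constructed sample report (not real scanner output); rule ids are made up.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{"results": [
        {"ruleId": "constructed-rule-1",
         "message": {"text": "matched text, deliberately never printed"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "deploy/config,prod.env"},
             "region": {"startLine": 12}}}]},
        {"ruleId": "constructed-rule-2", "locations": []},
    ]}],
}


def _esc(value, prop=False):
    # Workflow commands are line based: escape '%', CR and LF everywhere,
    # plus ':' and ',' inside property values such as file=...
    out = str(value).replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")
    return out.replace(":", "%3A").replace(",", "%2C") if prop else out


def sarif_annotations(sarif):
    """Return one ::error command per result, naming rule, file and line only.

    The result's message text is skipped on purpose so that a matched secret
    is not copied into the job log.
    """
    commands = []
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            rule = result.get("ruleId", "unknown-rule")
            phys = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri")
            line = phys.get("region", {}).get("startLine", 1)
            where = f" file={_esc(uri, True)},line={int(line)}" if uri else ""
            commands.append(f"::error{where}::Possible secret, rule {_esc(rule)}")
    return commands


def main(argv):
    # argv[1] is the SARIF path, e.g. the value of steps.gitleaks.outputs.sarif
    with open(argv[1], encoding="utf-8") as fh:
        commands = sarif_annotations(json.load(fh))
    print("\n".join(commands))
    return 1 if commands else 0  # non-zero exit fails the step on any finding


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With `fail-on-error: false` on the `gacts/gitleaks` step, this script's exit status decides whether the job fails.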
Releasing a new version:
- Make the required changes in the changelog file
- Build the action distribution (`make build` or `yarn build`)
- Commit and push the changes (including `dist` directory changes - this is important) into the `master` branch
- Publish a new release using the repo releases page (the git tag should follow the `vX.Y.Z` format)

Major and minor git tags (`v1` and `v1.2` if you publish a `v1.2.Z` release) will be updated automatically.
If you find any errors in the action, please open an issue in the current repository.
This is open-sourced software licensed under the MIT License.