Conversation
Checks to make sure Gitleaks GitHub action is enabled to prevent the leakage of passwords or keys.
```yaml
guidance: |
  Ensure that Gitleak is configured and enabled for the repository.
  Gitleaks is an open-source secret scanner for git repositories, files, and directories.
  For more information, see the [GitHub Action Gitleaks](https://github.com/gitleaks/gitleaks) documentation.
```
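Review bot: the guidance still reads "Ensure that Gitleak is configured" while the very next sentence says "Gitleaks"; use the plural form throughout so the guidance matches the project name and the rest of the rule text.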
nit: should we show a sample of what a workflow with this action looks like?
I updated the guidance and linked directly to the GitHub action repo. Do you think I should add the GitHub action configuration directly to the guidance section?
```rego
default message := "Gitleaks GitHub action is not configured"
default allow := false
allow if {"gitleaks/gitleaks-action" in actions
```
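Review bot: `"gitleaks/gitleaks-action" in actions` is an exact membership test, so a version-pinned reference such as `gitleaks/gitleaks-action@v2` (the form a workflow's `uses:` line normally takes) would not satisfy it, and the rule would report the action as missing even when it is configured. Compare on the owner/repo portion of each entry instead, for example by splitting each entry on `@` before the comparison.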
Updated to use contains keyword.
```yaml
release_phase: alpha
type: rule-type
name: gitleaks_github_action
display_name: Enable Gitleak to prevent leakage of passwords or keys
```
s/Gitleak/Gitleaks/
https://github.com/gitleaks/gitleaks seems to be consistently plural
Good eyes. Updated text to be consistently plural.
```rego
default message := "Gitleaks GitHub action is not configured"
default allow := false
allow if contains(actions[_], "gitleaks/gitleaks-action")
```
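Review bot: `contains(actions[_], "gitleaks/gitleaks-action")` is a substring match, so it now accepts `gitleaks/gitleaks-action@v2`, but it equally accepts any reference that merely embeds that string, for example an action published under a different owner whose name happens to end in `gitleaks`. An exact comparison of the owner/repo part keeps the version-agnostic behaviour without that looseness, e.g. `allow if split(actions[_], "@")[0] == "gitleaks/gitleaks-action"`.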
Do you want to check that the workflow is on for both pull_request and push events?
Also, do you want to add a remediation using the usage example from either the action or the repo?
Actually, tests are failing, so we'll need to fix that first.
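The two review points above (matching the action independently of its pinned version, and checking that the workflow fires on both `push` and `pull_request`) can be expressed as a small standalone checker. The Python below is an added example, not the project's own rule code or anything from this PR; it takes an already-parsed workflow dict (the `SAMPLE_WORKFLOW` is constructed for illustration) and the `evaluate` function and its messages are assumptions, not the rule's real output format.

```python
"""Check a parsed GitHub Actions workflow for the Gitleaks action and its triggers.

Added example, not the project's own code. The workflow is supplied as an
already-parsed dict; a real checker would load the YAML file first.
"""
from typing import Any, Dict, List, Optional, Set

GITLEAKS_ACTION = "gitleaks/gitleaks-action"
REQUIRED_EVENTS = frozenset({"push", "pull_request"})


def action_repo(uses: str) -> Optional[str]:
    """Return the ``owner/repo`` part of a ``uses:`` reference, or None.

    ``owner/repo@ref`` and ``owner/repo/subdir@ref`` both resolve to
    ``owner/repo``; local (``./``) and ``docker://`` references are skipped.
    """
    if uses.startswith("./") or uses.startswith("docker://"):
        return None
    path = uses.split("@", 1)[0]
    parts = path.split("/")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        return None
    return f"{parts[0]}/{parts[1]}"


def workflow_actions(workflow: Dict[str, Any]) -> List[str]:
    """Collect every ``uses:`` reference from every job step."""
    refs: List[str] = []
    for job in workflow.get("jobs", {}).values():
        for step in job.get("steps", []) or []:
            uses = step.get("uses")
            if isinstance(uses, str):
                refs.append(uses)
    return refs


def workflow_events(workflow: Dict[str, Any]) -> Set[str]:
    """Normalise the ``on:`` key, which may be a string, a list or a mapping."""
    on = workflow.get("on", {})
    if isinstance(on, str):
        return {on}
    if isinstance(on, list):
        return set(on)
    if isinstance(on, dict):
        return set(on.keys())
    return set()


def uses_gitleaks(workflow: Dict[str, Any]) -> bool:
    """Exact owner/repo match, independent of the pinned version or subpath."""
    return any(action_repo(u) == GITLEAKS_ACTION for u in workflow_actions(workflow))


def evaluate(workflow: Dict[str, Any]) -> Dict[str, Any]:
    """Return an allow/deny verdict plus the detail a remediation message needs.

    The message strings are assumptions for this example, not the rule's output.
    """
    configured = uses_gitleaks(workflow)
    missing = sorted(REQUIRED_EVENTS - workflow_events(workflow))
    if not configured:
        message = "Gitleaks GitHub action is not configured"
    elif missing:
        message = f"Gitleaks workflow missing triggers: {missing}"
    else:
        message = "ok"
    return {"allow": configured and not missing, "message": message}


# Constructed sample workflow (already parsed); not taken from any real repository.
SAMPLE_WORKFLOW: Dict[str, Any] = {
    "name": "gitleaks",
    "on": {"push": {}, "pull_request": {}},
    "jobs": {
        "scan": {
            "runs-on": "ubuntu-latest",
            "steps": [
                {"uses": "actions/checkout@v4", "with": {"fetch-depth": 0}},
                {"uses": "gitleaks/gitleaks-action@v2"},
            ],
        }
    },
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_WORKFLOW))
```

One caveat if you load real workflow files with PyYAML: under YAML 1.1 the bare key `on` is parsed as the boolean `True`, so `workflow.get("on")` returns nothing unless you normalise that key (or use a YAML 1.2 loader) first.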