Add GitLab CI template for secret scanning with Gitleaks #44
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
KraMorK
requested changes
Oct 14, 2025
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
…s for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
…pt for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]>
Signed-off-by: Roman Trofimenkov <[email protected]>
rtrofimenkov-ssdlc
force-pushed
the
feature/gitleaks
branch
from
1120d1d to
db4be4a
Compare
KraMorK
approved these changes
Oct 14, 2025
Signed-off-by: Roman Trofimenkov <[email protected]>
KraMorK
approved these changes
Oct 14, 2025
himax1991
approved these changes
Oct 15, 2025
Taior
approved these changes
Oct 15, 2025
rtrofimenkov-ssdlc
added a commit
that referenced
this pull request
Oct 17, 2025
* gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * path fix, added stage Signed-off-by: Roman Trofimenkov <[email protected]> * added docker runner tag Signed-off-by: Roman Trofimenkov <[email protected]> * tags fix Signed-off-by: Roman Trofimenkov <[email protected]> * pipeline refactor for shell executor Signed-off-by: Roman Trofimenkov <[email protected]> * gitleaks pipe refactor Signed-off-by: Roman Trofimenkov <[email protected]> * Add empty before_script to gitleaks CI template Signed-off-by: Roman Trofimenkov <[email protected]> * PATH fix Signed-off-by: Roman Trofimenkov <[email protected]> * Add gitleaks cleanup stage to CI template Signed-off-by: Roman Trofimenkov <[email protected]> * Update gitleaks CI template to include optional dependencies and rules for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * updated error parsind and printing to stdout Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * output fix Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * fixed cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup fix Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup stage fix Signed-off-by: Roman Trofimenkov <[email protected]> * depth fix Signed-off-by: Roman Trofimenkov <[email protected]> * deleted cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * report fix Signed-off-by: Roman Trofimenkov <[email protected]> * Refactor cleanup process in GitLab CI configuration to use after_script for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]> * Remove redundant stages declaration from gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * fix: add GitLab server host to gitleaks blob URLs Signed-off-by: Roman Trofimenkov <[email protected]> --------- Signed-off-by: Roman Trofimenkov <[email protected]>
rtrofimenkov-ssdlc
added a commit
that referenced
this pull request
Oct 17, 2025
* gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * path fix, added stage Signed-off-by: Roman Trofimenkov <[email protected]> * added docker runner tag Signed-off-by: Roman Trofimenkov <[email protected]> * tags fix Signed-off-by: Roman Trofimenkov <[email protected]> * pipeline refactor for shell executor Signed-off-by: Roman Trofimenkov <[email protected]> * gitleaks pipe refactor Signed-off-by: Roman Trofimenkov <[email protected]> * Add empty before_script to gitleaks CI template Signed-off-by: Roman Trofimenkov <[email protected]> * PATH fix Signed-off-by: Roman Trofimenkov <[email protected]> * Add gitleaks cleanup stage to CI template Signed-off-by: Roman Trofimenkov <[email protected]> * Update gitleaks CI template to include optional dependencies and rules for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * updated error parsind and printing to stdout Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * output fix Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * fixed cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup fix Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup stage fix Signed-off-by: Roman Trofimenkov <[email protected]> * depth fix Signed-off-by: Roman Trofimenkov <[email protected]> * deleted cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * report fix Signed-off-by: Roman Trofimenkov <[email protected]> * Refactor cleanup process in GitLab CI configuration to use after_script for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]> * Remove redundant stages declaration from gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * fix: add GitLab server host to gitleaks blob URLs Signed-off-by: Roman Trofimenkov <[email protected]> --------- Signed-off-by: Roman Trofimenkov <[email protected]>
rtrofimenkov-ssdlc
added a commit
that referenced
this pull request
Oct 17, 2025
* gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * path fix, added stage Signed-off-by: Roman Trofimenkov <[email protected]> * added docker runner tag Signed-off-by: Roman Trofimenkov <[email protected]> * tags fix Signed-off-by: Roman Trofimenkov <[email protected]> * pipeline refactor for shell executor Signed-off-by: Roman Trofimenkov <[email protected]> * gitleaks pipe refactor Signed-off-by: Roman Trofimenkov <[email protected]> * Add empty before_script to gitleaks CI template Signed-off-by: Roman Trofimenkov <[email protected]> * PATH fix Signed-off-by: Roman Trofimenkov <[email protected]> * Add gitleaks cleanup stage to CI template Signed-off-by: Roman Trofimenkov <[email protected]> * Update gitleaks CI template to include optional dependencies and rules for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * updated error parsind and printing to stdout Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * output fix Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * fixed cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup fix Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup stage fix Signed-off-by: Roman Trofimenkov <[email protected]> * depth fix Signed-off-by: Roman Trofimenkov <[email protected]> * deleted cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * report fix Signed-off-by: Roman Trofimenkov <[email protected]> * Refactor cleanup process in GitLab CI configuration to use after_script for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]> * Remove redundant stages declaration from gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * fix: add GitLab server host to gitleaks blob URLs Signed-off-by: Roman Trofimenkov <[email protected]> --------- Signed-off-by: Roman Trofimenkov <[email protected]>
rtrofimenkov-ssdlc
added a commit
that referenced
this pull request
Oct 17, 2025
* gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * path fix, added stage Signed-off-by: Roman Trofimenkov <[email protected]> * added docker runner tag Signed-off-by: Roman Trofimenkov <[email protected]> * tags fix Signed-off-by: Roman Trofimenkov <[email protected]> * pipeline refactor for shell executor Signed-off-by: Roman Trofimenkov <[email protected]> * gitleaks pipe refactor Signed-off-by: Roman Trofimenkov <[email protected]> * Add empty before_script to gitleaks CI template Signed-off-by: Roman Trofimenkov <[email protected]> * PATH fix Signed-off-by: Roman Trofimenkov <[email protected]> * Add gitleaks cleanup stage to CI template Signed-off-by: Roman Trofimenkov <[email protected]> * Update gitleaks CI template to include optional dependencies and rules for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * updated error parsind and printing to stdout Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * output fix Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * fixed cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup fix Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup stage fix Signed-off-by: Roman Trofimenkov <[email protected]> * depth fix Signed-off-by: Roman Trofimenkov <[email protected]> * deleted cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * report fix Signed-off-by: Roman Trofimenkov <[email protected]> * Refactor cleanup process in GitLab CI configuration to use after_script for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]> * Remove redundant stages declaration from gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * fix: add GitLab server host to gitleaks blob URLs Signed-off-by: Roman Trofimenkov <[email protected]> --------- Signed-off-by: Roman Trofimenkov <[email protected]>
rtrofimenkov-ssdlc
added a commit
that referenced
this pull request
Oct 17, 2025
* gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * path fix, added stage Signed-off-by: Roman Trofimenkov <[email protected]> * added docker runner tag Signed-off-by: Roman Trofimenkov <[email protected]> * tags fix Signed-off-by: Roman Trofimenkov <[email protected]> * pipeline refactor for shell executor Signed-off-by: Roman Trofimenkov <[email protected]> * gitleaks pipe refactor Signed-off-by: Roman Trofimenkov <[email protected]> * Add empty before_script to gitleaks CI template Signed-off-by: Roman Trofimenkov <[email protected]> * PATH fix Signed-off-by: Roman Trofimenkov <[email protected]> * Add gitleaks cleanup stage to CI template Signed-off-by: Roman Trofimenkov <[email protected]> * Update gitleaks CI template to include optional dependencies and rules for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * updated error parsind and printing to stdout Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * output fix Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * fixed cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup fix Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup stage fix Signed-off-by: Roman Trofimenkov <[email protected]> * depth fix Signed-off-by: Roman Trofimenkov <[email protected]> * deleted cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * report fix Signed-off-by: Roman Trofimenkov <[email protected]> * Refactor cleanup process in GitLab CI configuration to use after_script for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]> * Remove redundant stages declaration from gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * fix: add GitLab server host to gitleaks blob URLs Signed-off-by: Roman Trofimenkov <[email protected]> --------- Signed-off-by: Roman Trofimenkov <[email protected]>
rtrofimenkov-ssdlc
added a commit
that referenced
this pull request
Oct 17, 2025
* gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * path fix, added stage Signed-off-by: Roman Trofimenkov <[email protected]> * added docker runner tag Signed-off-by: Roman Trofimenkov <[email protected]> * tags fix Signed-off-by: Roman Trofimenkov <[email protected]> * pipeline refactor for shell executor Signed-off-by: Roman Trofimenkov <[email protected]> * gitleaks pipe refactor Signed-off-by: Roman Trofimenkov <[email protected]> * Add empty before_script to gitleaks CI template Signed-off-by: Roman Trofimenkov <[email protected]> * PATH fix Signed-off-by: Roman Trofimenkov <[email protected]> * Add gitleaks cleanup stage to CI template Signed-off-by: Roman Trofimenkov <[email protected]> * Update gitleaks CI template to include optional dependencies and rules for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * updated error parsind and printing to stdout Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * output fix Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * fixed cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup fix Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup stage fix Signed-off-by: Roman Trofimenkov <[email protected]> * depth fix Signed-off-by: Roman Trofimenkov <[email protected]> * deleted cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * report fix Signed-off-by: Roman Trofimenkov <[email protected]> * Refactor cleanup process in GitLab CI configuration to use after_script for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]> * Remove redundant stages declaration from gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * fix: add GitLab server host to gitleaks blob URLs Signed-off-by: Roman Trofimenkov <[email protected]> --------- Signed-off-by: Roman Trofimenkov <[email protected]>
rtrofimenkov-ssdlc
added a commit
that referenced
this pull request
Oct 17, 2025
* gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * path fix, added stage Signed-off-by: Roman Trofimenkov <[email protected]> * added docker runner tag Signed-off-by: Roman Trofimenkov <[email protected]> * tags fix Signed-off-by: Roman Trofimenkov <[email protected]> * pipeline refactor for shell executor Signed-off-by: Roman Trofimenkov <[email protected]> * gitleaks pipe refactor Signed-off-by: Roman Trofimenkov <[email protected]> * Add empty before_script to gitleaks CI template Signed-off-by: Roman Trofimenkov <[email protected]> * PATH fix Signed-off-by: Roman Trofimenkov <[email protected]> * Add gitleaks cleanup stage to CI template Signed-off-by: Roman Trofimenkov <[email protected]> * Update gitleaks CI template to include optional dependencies and rules for cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * updated error parsind and printing to stdout Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * output fix Signed-off-by: Roman Trofimenkov <[email protected]> * stdout fix Signed-off-by: Roman Trofimenkov <[email protected]> * fixed cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup fix Signed-off-by: Roman Trofimenkov <[email protected]> * cleanup stage fix Signed-off-by: Roman Trofimenkov <[email protected]> * depth fix Signed-off-by: Roman Trofimenkov <[email protected]> * deleted cleanup stage Signed-off-by: Roman Trofimenkov <[email protected]> * report fix Signed-off-by: Roman Trofimenkov <[email protected]> * Refactor cleanup process in GitLab CI configuration to use after_script for better clarity and organization. Signed-off-by: Roman Trofimenkov <[email protected]> * Remove redundant stages declaration from gitleaks template Signed-off-by: Roman Trofimenkov <[email protected]> * fix: add GitLab server host to gitleaks blob URLs Signed-off-by: Roman Trofimenkov <[email protected]> --------- Signed-off-by: Roman Trofimenkov <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's added:
gitleaks.gitlab-ci.ymltemplate for automatic secret detection in codediff(PR changes only) andfull(entire repository)gitleaks_diff- for MRs (automatic)gitleaks_full_manual- for manual runsgitleaks_full_scheduled- for scheduled scansgitleaks.tomlUsage:
This template complements the existing Deckhouse CI template ecosystem, providing additional security for module development.