gitlab 中的 gitleaks ci
gitleaks in gitlab ci
我正在尝试在 GitLab CI 中手动设置 gitleaks 以扫描我的 GitLab 存储库中的秘密。我想我配置错误了我的工作。作业通过,但输出 unknown flag 'c' 和 gitleaks 帮助对话,但没有预期的实际基于 gitleaks 的输出。
我的 `.gitlab-ci.yml' 看起来像:
stages:
- security
gitleaks:
stage: security
image: zricethezav/gitleaks
script:
- gitleaks --verbose --repo-path=$PWD
对我可能出错的地方有什么建议吗?
stages:
- leaks
- test
leaks:gitleaks:
stage: leaks
image:
name: "zricethezav/gitleaks"
entrypoint: [""]
script:
- gitleaks -v --repo-path=./ --config=gitleaks.toml
您可以调整阶段名称,但添加一个空入口点和 config file 可能会有所帮助。
请注意,GitLab 14.7(2022 年 1 月),Gitleaks 的性能有了一些重大改进。
Building on the large rule expansion included in GitLab 14.5, we are updating our GitLab Secret Detection analyzer, Gitleaks, to the next major version 8.
This new, major version includes massive performance updates and a complete rewrite of its core detection engine.
Secret Detection historical scans should now run much faster, with a large reduction in memory usage.
This means both faster detection and shorter (and more efficient) pipelines.
This change also sets us up to make more performance improvements that will improve all non-historical Secret Detection job runs in the future.
See Documentation and Issue.
我正在尝试在 GitLab CI 中手动设置 gitleaks 以扫描我的 GitLab 存储库中的秘密。我想我配置错误了我的工作。作业通过,但输出 unknown flag 'c' 和 gitleaks 帮助对话,但没有预期的实际基于 gitleaks 的输出。
我的 `.gitlab-ci.yml' 看起来像:
stages:
- security
gitleaks:
stage: security
image: zricethezav/gitleaks
script:
- gitleaks --verbose --repo-path=$PWD
对我可能出错的地方有什么建议吗?
stages:
- leaks
- test
leaks:gitleaks:
stage: leaks
image:
name: "zricethezav/gitleaks"
entrypoint: [""]
script:
- gitleaks -v --repo-path=./ --config=gitleaks.toml
您可以调整阶段名称,但添加一个空入口点和 config file 可能会有所帮助。
请注意,GitLab 14.7(2022 年 1 月),Gitleaks 的性能有了一些重大改进。
Building on the large rule expansion included in GitLab 14.5, we are updating our GitLab Secret Detection analyzer, Gitleaks, to the next major version 8.
This new, major version includes massive performance updates and a complete rewrite of its core detection engine.
Secret Detection historical scans should now run much faster, with a large reduction in memory usage.
This means both faster detection and shorter (and more efficient) pipelines.
This change also sets us up to make more performance improvements that will improve all non-historical Secret Detection job runs in the future.See Documentation and Issue.