Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks aims to be the easy-to-use, all-in-one solution for finding secrets, past or present, in your code.
Features:
- Scans for commited secrets
- Scans for uncommitted secrets as part of shifting security left
- Available Github Action
- Gitlab and Github API support which allows scans of whole organizations, users, and pull/merge requests
- Custom rules via toml configuration
- High performance using go-git
- JSON and CSV reporting
- Private repo scans using key or password based authentication
Installation, Documentation and Examples
This project is documented here
Gamma proactively detects and remediates data leaks across cloud apps. Scan your public repos for secret leaks with Gamma
These users are sponsors of gitleaks:
Logo Attribution
The Gitleaks logo uses the Git Logo created Jason Long is licensed under the Creative Commons Attribution 3.0 Unported License.