Run Gitleaks repo scanner locally - V 1
Run Scan (Docker)
Always pull the latest image before running a scan. You can log in using your NetApp SSO.
docker login docker-ngdc.repo.east1.ncloud.netapp.com
docker pull docker-ngdc.repo.east1.ncloud.netapp.com/devexp-engg/gitleaks-repo-scanner:latest
Linux:
docker run --rm -it -v "/tmp:/tmp" -v "$(pwd):$(pwd)" -w "$(pwd)" -u $(id -u):$(id -g) -e no_git -e secrets_in_logs -e repo_scan_log_dir=/tmp docker-ngdc.repo.east1.ncloud.netapp.com/devexp-engg/gitleaks-repo-scanner:latest
macOS:
docker run --rm -it -v "$HOME/Downloads:$HOME/Downloads" -v "$(pwd):$(pwd)" -w "$(pwd)" -u $(id -u):$(id -g) -e repo_scan_log_dir="$HOME/Downloads" -e no_git -e secrets_in_logs docker-ngdc.repo.east1.ncloud.netapp.com/devexp-engg/gitleaks-repo-scanner:latest
Windows (PowerShell):
$env:repopath = "<path to save the report files>"
docker run --rm -it -v "${PWD}:/app/repo" -v "${env:repopath}:/tmp" -w "/app/repo" -e no_git -e secrets_in_logs -e repo_scan_log_dir=/tmp docker-ngdc.repo.east1.ncloud.netapp.com/devexp-engg/gitleaks-repo-scanner:latest
Alias
You can set an alias to make executing simpler.
(Example: alias glscan='docker run ...')
Aliases only work on macOS and Linux machines.
Arguments
You pass arguments by specifying them before the command.
(Example: no_git="true" secrets_in_logs="keep" docker run ...)
(Example: no_git="true" secrets_in_logs="keep" glscan)
- no_git="true|false" (default false)
  - set to "true" to disable commit history scanning
- secrets_in_logs="keep|remove|mask" (default mask)
  - set to "keep" to have raw secrets kept in plain text in the output json/csv file
- repo_scan_log_dir="path-to-your-reports-directory"
  - this is the path in which the generated .json and .csv files are stored
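The alias and arguments above, combined into one shell function for Linux and macOS that validates the documented values and writes reports to a private directory instead of a shared /tmp, where report files may be readable by other local users. This is an added example, not code from the original page or the scanner project; the function names and the $HOME/gitleaks-reports default are assumptions.

```shell
# Added example (not the scanner project's code): a glscan wrapper for Linux/macOS.
# Assumption: $HOME/gitleaks-reports is a hypothetical default report directory.
GLSCAN_IMAGE="docker-ngdc.repo.east1.ncloud.netapp.com/devexp-engg/gitleaks-repo-scanner:latest"

# Reject values outside the documented sets before anything is scanned.
glscan_check_args() {
    case "${no_git:-false}" in
        true|false) ;;
        *) echo "no_git must be true or false" >&2; return 1 ;;
    esac
    case "${secrets_in_logs:-mask}" in
        keep|remove|mask) ;;
        *) echo "secrets_in_logs must be keep, remove or mask" >&2; return 1 ;;
    esac
}

# Print the report directory (absolute path expected), creating it with
# mode 700 if it does not exist. An existing directory keeps its permissions.
glscan_report_dir() {
    _gl_dir="${repo_scan_log_dir:-$HOME/gitleaks-reports}"
    ( umask 077; mkdir -p "$_gl_dir" ) && printf '%s\n' "$_gl_dir"
}

glscan() {
    glscan_check_args || return 1
    _gl_out="$(glscan_report_dir)" || return 1
    if [ "${secrets_in_logs:-mask}" = keep ]; then
        echo "warning: raw secrets will be written in plain text under $_gl_out" >&2
    fi
    docker pull "$GLSCAN_IMAGE" || return 1   # always scan with the latest image
    # The documented defaults (false, mask) are passed explicitly.
    docker run --rm -it -v "$_gl_out:$_gl_out" -v "$(pwd):$(pwd)" -w "$(pwd)" \
        -u "$(id -u):$(id -g)" \
        -e no_git="${no_git:-false}" \
        -e secrets_in_logs="${secrets_in_logs:-mask}" \
        -e repo_scan_log_dir="$_gl_out" "$GLSCAN_IMAGE"
}
```

Once the function is defined in your shell profile, call it the same way as the alias, for example no_git="true" glscan.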