Secrets analyzer
GitLab analyzer for leaked secrets.

This analyzer is based on the Gitleaks and TruffleHog tools; it reports possible secret leaks, such as application tokens and cryptographic keys, in the source code and other files contained in your project.
This analyzer is written in Go using the common library shared by all analyzers. The common library contains documentation on how to run, test and modify this analyzer.
Versioning and release process
Please check the common Versioning and release process documentation.
Updating the underlying Scanners
This project adds a name and a description to the rules present in Gitleaks and TruffleHog, so updating either underlying tool also requires updating this information.

To update a tool:
- Change its version in the Dockerfile.
- Update the map of rules (edit the tool's Go file in the convert directory) with the new or changed rules:
  - If new rules are present, add them.
  - If a rule has been renamed, add a new entry for the new name and keep the old one, so that existing reports stay backward compatible.
- Ensure that Gitleaks and TruffleHog rules that detect the same thing (for example, an AWS key) have identical information; add those shared entries to the map in convert/common.go.
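The following is an added illustration of the procedure above, not code from this project: it sketches how per-tool rule maps, rename aliases and a shared map in the spirit of convert/common.go fit together, and adds two checks a maintainer would run after bumping a scanner version. The `RuleInfo` type, the map and function names, and every rule ID and description below are constructed for the example; the real files in the convert directory may be organised differently.

```go
package main

import (
	"fmt"
	"sort"
)

// RuleInfo is the name and description the analyzer attaches to a scanner
// rule. Hypothetical type: the project's own definition may differ.
type RuleInfo struct {
	Name        string
	Description string
}

// commonRules stands in for convert/common.go: one entry per detector that
// exists in both Gitleaks and TruffleHog, so both tools report identical info.
var commonRules = map[string]RuleInfo{
	"aws-access-key": {Name: "AWS Access Key", Description: "AWS access key ID"},
}

// Per-tool maps from the scanner's rule ID to the info to report. The rule IDs
// are constructed for this example, not taken from either tool.
var gitleaksRules = map[string]RuleInfo{
	"aws-access-key-id": commonRules["aws-access-key"],
	"slack-token":       {Name: "Slack Token", Description: "Slack API token"},
}

var truffleHogRules = map[string]RuleInfo{
	"AWS":   commonRules["aws-access-key"],
	"Slack": {Name: "Slack Token", Description: "Slack webhook URL"}, // drifted on purpose
}

// gitleaksAliases maps old rule IDs to their renamed successors so that a
// rename in a new Gitleaks release keeps resolving to the same info.
var gitleaksAliases = map[string]string{
	"aws": "aws-access-key-id",
}

// lookup resolves a rule ID directly or through a rename alias.
func lookup(rules map[string]RuleInfo, aliases map[string]string, id string) (RuleInfo, bool) {
	if info, ok := rules[id]; ok {
		return info, true
	}
	if canonical, ok := aliases[id]; ok {
		info, ok := rules[canonical]
		return info, ok
	}
	return RuleInfo{}, false
}

// missingRules lists rule IDs shipped by a scanner version that the map does
// not know, directly or via alias: the rules that must be added on upgrade.
func missingRules(shipped []string, rules map[string]RuleInfo, aliases map[string]string) []string {
	var missing []string
	for _, id := range shipped {
		if _, ok := lookup(rules, aliases, id); !ok {
			missing = append(missing, id)
		}
	}
	sort.Strings(missing)
	return missing
}

// mismatchedRules lists rule names that both tools report but with different
// descriptions: exactly the cases that should be routed through commonRules.
func mismatchedRules(a, b map[string]RuleInfo) []string {
	byName := map[string]string{}
	for _, info := range a {
		byName[info.Name] = info.Description
	}
	var mismatched []string
	for _, info := range b {
		if desc, ok := byName[info.Name]; ok && desc != info.Description {
			mismatched = append(mismatched, info.Name)
		}
	}
	sort.Strings(mismatched)
	return mismatched
}

func main() {
	// Constructed rule list of a hypothetical new Gitleaks release.
	shipped := []string{"aws", "slack-token", "github-pat"}
	fmt.Println("rules to add:", missingRules(shipped, gitleaksRules, gitleaksAliases))
	fmt.Println("descriptions to reconcile:", mismatchedRules(gitleaksRules, truffleHogRules))
}
```

Feeding the new release's rule IDs to `missingRules` turns "if new rules are present, add them" into a check that fails loudly, and `mismatchedRules` catches a description that was edited in one tool's map but not the other's; both checks are cheap enough to keep in the analyzer's test suite.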
Contributing
Contributions are welcome; see CONTRIBUTING.md for more details.
License
This code is distributed under the GitLab Enterprise Edition (EE) license, see the LICENSE file.