gitlab.com/gitlab-org/security-products/analyzers/secrets/v2

Secrets analyzer

GitLab analyzer for leaked secrets. This analyzer is based on the Gitleaks, and TruffleHog tools; it reports possible secret leaks, like application tokens and cryptographic keys, in the source code and files contained in your project.

This analyzer is written in Go using the common library shared by all analyzers.

The common library contains documentation on how to run, test and modify this analyzer.

Versioning and release process

Please check the common Versioning and release process documentation.

Updating the underlying Scanners

This project adds a name and a description to the rules present in Gitleaks and TruffleHog; updating the underlying tools requires updating this information.

To update a tool:

• Change its version in the Dockerfile.
• Update the map with new or updated rules (edit the tool's Go file in the convert directory):
  • If new rules are present, add them.
  • If a rule has been renamed, add a new one to keep backward compatibility.
  • Ensure that Gitleaks and TruffleHog rules that detect the same thing (for example, an AWS key) have identical information, add those to the map in convert/common.go.

Contributing

Contributions are welcome, see CONTRIBUTING.md for more details.

License

This code is distributed under the GitLab Enterprise Edition (EE) license, see the LICENSE file.