Remove git-secrets references and add GitLeaks guidance #373
> One option is to use `pre-commit`:
>
> ```yaml
> repos:
> ```
Should we update the gitleaks pre-commit hook to the latest release? The current `rev: v8.24.2` is several versions behind; the latest is v8.30.1.

Would it also be worth pinning to the commit SHA with a version comment, to stay consistent with the hash-pinning approach we require for GitHub Actions?

```yaml
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: 83d9cd684c87d95d656c1458ef04895a7f1cbd8e # v8.30.1
    hooks:
      - id: gitleaks
```
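As an added example (not code from this PR, the reviewer, or the gitleaks project), a small standard-library Python check that enforces the pinning policy the comment above asks for: every `rev:` in a `.pre-commit-config.yaml` must be a full 40-hex commit SHA followed by a version comment, either the plain `# v8.30.1` form shown above or the `# frozen: v8.30.1` form that `pre-commit autoupdate --freeze` writes. The sample config is constructed for the example; its v8.30.1 pin copies the SHA from the comment, the other 40-hex value is a dummy. PyYAML is deliberately not used, so the `repo:`/`rev:` lines are read by regex, which is enough for the standard layout.

```python
"""Lint a .pre-commit-config.yaml for hash-pinned revs (added example)."""
import re
from dataclasses import dataclass

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
REPO_LINE = re.compile(r"^\s*-\s*repo:\s*(?P<repo>\S+)")
REV_LINE = re.compile(r"^\s*rev:\s*(?P<rev>\S+)(?:\s*#\s*(?P<comment>.*))?$")
# Accept "# v8.30.1" and the "# frozen: v8.30.1" form pre-commit autoupdate --freeze emits.
VERSION_COMMENT_RE = re.compile(r"^(?:frozen:\s*)?v?\d+(\.\d+)+")

# Constructed sample: one tag-only pin, one good pin (SHA from the review
# comment), one SHA pin (dummy value) with no version comment.
SAMPLE_CONFIG = """\
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.24.2
    hooks:
      - id: gitleaks
  - repo: https://github.com/gitleaks/gitleaks
    rev: 83d9cd684c87d95d656c1458ef04895a7f1cbd8e  # v8.30.1
    hooks:
      - id: gitleaks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: 0123456789abcdef0123456789abcdef01234567
    hooks:
      - id: end-of-file-fixer
  - repo: local
    hooks:
      - id: unit-tests
        name: unit tests
        entry: make test
        language: system
"""


@dataclass
class Finding:
    repo: str
    rev: str
    problem: str


def check_pins(config_text: str) -> list[Finding]:
    """Return one Finding per repo whose rev is not a SHA with a version comment."""
    findings: list[Finding] = []
    repo = None
    for line in config_text.splitlines():
        m = REPO_LINE.match(line)
        if m:
            repo = m.group("repo")  # "local" repos carry no rev and are skipped
            continue
        m = REV_LINE.match(line)
        if not m or repo is None:
            continue
        rev = m.group("rev").strip("\"'")
        comment = (m.group("comment") or "").strip()
        if not SHA_RE.fullmatch(rev):
            findings.append(Finding(repo, rev, "rev is a tag or short ref, not a full 40-hex commit SHA"))
        elif not VERSION_COMMENT_RE.match(comment):
            findings.append(Finding(repo, rev, "SHA pin lacks a '# vX.Y.Z' version comment"))
        repo = None  # one rev per repo entry
    return findings


if __name__ == "__main__":
    import sys
    problems = check_pins(SAMPLE_CONFIG)
    for f in problems:
        print(f"{f.repo} rev {f.rev}: {f.problem}")
    sys.exit(1 if problems else 0)
```

The check only proves the file has the right shape; the version comment is a claim, not a fact. To confirm the pinned SHA really is v8.30.1, run `git ls-remote --tags https://github.com/gitleaks/gitleaks v8.30.1` and compare the pin with the SHA on the line ending in `^{}`, which for an annotated tag is the commit the tag points to (the other line is the tag object itself).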
> 2. Record why they are needed.
> 3. Review them regularly and remove them when no longer justified.
>
> ## Further reading
This is a good overview. Up to you if you think it's worth it, but some teams might benefit from a section with some tips on integrating gitleaks on repos where the commit history is especially long. For example, in the spineii repo we have a commit history of nearly 400K commits, which takes ~10 minutes to scan if you do the whole lot.

We adopted a strategy of only scanning new commits on any given branch (after having separately done the initial scan of the full history).

The eventual approach is in place here: https://github.com/NHSDigital/spineii/blob/develop/.github/workflows/scan-secrets-on-branch.yml
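As an added example of the branch-only strategy described in the comment above (this is not the spineii workflow and not gitleaks project code), a Python wrapper that finds where the branch forked from its base with `git merge-base`, counts the commits the branch adds, and hands that range to gitleaks through its `--log-opts` flag so only those commits are scanned. The base ref `origin/develop`, the report path and the choice of JSON output are assumptions for the example. It relies on the full-history scan having been done once already, as the comment says; a branch-only scan cannot catch a secret committed to the base branch before the fork point.

```python
"""Scan only the commits a branch adds relative to its base (added example)."""
import subprocess
import sys


def commit_range(base_sha: str, head: str = "HEAD") -> str:
    """Git revision range: commits reachable from head but not from base_sha."""
    return f"{base_sha}..{head}"


def gitleaks_args(rev_range: str, source: str = ".",
                  report_path: str = "gitleaks-branch.json") -> list[str]:
    """Argument vector for gitleaks v8 limited to rev_range via --log-opts.

    --redact keeps secret values out of the report and CI logs; --exit-code 1
    makes any finding fail the job.
    """
    return [
        "gitleaks", "detect",
        "--source", source,
        f"--log-opts={rev_range}",
        "--redact",
        "--exit-code", "1",
        "--report-format", "json",
        "--report-path", report_path,
        "--no-banner",
    ]


def _git(args: list[str], cwd: str) -> str:
    out = subprocess.run(["git", *args], cwd=cwd, check=True,
                         capture_output=True, text=True)
    return out.stdout.strip()


def merge_base(base_ref: str, head: str = "HEAD", cwd: str = ".") -> str:
    """Commit where the branch forked from base_ref.

    Needs history back to the fork point: in GitHub Actions that means
    actions/checkout with fetch-depth: 0 (a depth-1 clone makes this fail).
    """
    return _git(["merge-base", base_ref, head], cwd)


def new_commit_count(rev_range: str, cwd: str = ".") -> int:
    return int(_git(["rev-list", "--count", rev_range], cwd))


def scan_branch(base_ref: str = "origin/develop", cwd: str = ".") -> int:
    """Run gitleaks over the branch's own commits; return its exit code."""
    rng = commit_range(merge_base(base_ref, cwd=cwd))
    n = new_commit_count(rng, cwd)
    if n == 0:
        print(f"no new commits relative to {base_ref}; nothing to scan")
        return 0
    print(f"scanning {n} commit(s) in {rng}")
    return subprocess.run(gitleaks_args(rng), cwd=cwd).returncode


if __name__ == "__main__":
    # Usage: python scan_branch.py [base-ref]   (default origin/develop)
    sys.exit(scan_branch(*sys.argv[1:2]))
```

Because the range is anchored at the merge base rather than at the base branch's tip, the scan covers exactly the commits the pull request would merge and stays cheap even when the base branch has moved on. Squash or force-push rewrites change the range, so the job should run on every push to the branch, not only on its first.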