
secrets-gitleaks

Hardcoded secret detection and prevention in git repositories and codebases using Gitleaks. Identifies passwords, API keys, tokens, and credentials through regex-based pattern matching and entropy analysis. Use when: (1) Scanning repositories for exposed secrets and credentials, (2) Implementing pre-commit hooks to prevent secret leakage, (3) Integrating secret detection into CI/CD pipelines, (4) Auditing codebases for compliance violations (PCI-DSS, SOC2, GDPR), (5) Establishing baseline secret detection and tracking new exposures, (6) Remediating historical secret exposures in git history.
aiskillstore/marketplace · ★ 329 · Code & Development · score 85
Install: claude install-skill aiskillstore/marketplace
# Secrets Detection with Gitleaks

## Overview

Gitleaks is a secret detection tool that scans git repositories, files, and directories for hardcoded credentials including passwords, API keys, tokens, and other sensitive information. It uses regex-based pattern matching combined with Shannon entropy analysis to identify secrets that could lead to unauthorized access if exposed.

This skill provides comprehensive guidance for integrating Gitleaks into DevSecOps workflows, from pre-commit hooks to CI/CD pipelines, with emphasis on preventing secret leakage before code reaches production.

## Quick Start

Scan current repository for secrets:

```bash
# Install gitleaks
brew install gitleaks  # macOS
# or: docker pull zricethezav/gitleaks:latest

# Scan current git repository
gitleaks detect -v

# Scan specific directory
gitleaks detect --source /path/to/code -v

# Generate report
gitleaks detect --report-path gitleaks-report.json --report-format json
```

## Core Workflows

### 1. Repository Scanning

Scan existing repositories to identify exposed secrets:

```bash
# Full repository scan with verbose output
gitleaks detect -v --source /path/to/repo

# Scan with custom configuration
gitleaks detect --config .gitleaks.toml -v

# Generate JSON report for further analysis
gitleaks detect --report-path findings.json --report-format json

# Generate SARIF report for GitHub/GitLab integration
gitleaks detect --report-path findings.sarif --report-format sarif
```

**When to use**: Initi
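The Overview says Gitleaks combines regex matching with Shannon entropy. The following is an added example, not Gitleaks' own code: a minimal scanner whose rules take the shape of `[[rules]]` entries in a `.gitleaks.toml` (id, regex, secretGroup, entropy), run over constructed sample lines to show why the entropy gate matters. The rule regexes, the sample lines and the `sample.env` path are all assumptions made up for the demo.

```python
"""Mini regex + entropy secret scanner modelled on the gitleaks rule format."""
import math
import re
from collections import Counter

# Constructed rules in the shape of [[rules]] entries of a .gitleaks.toml (demo only)
RULES = [
    {
        "id": "generic-api-key",
        "regex": r'(?i)api[_-]?key\s*[:=]\s*["\']?([A-Za-z0-9_\-]{20,})',
        "secretGroup": 1,
        "entropy": 3.5,   # bits per char; placeholders like "xxxx..." fall below this
    },
    {
        "id": "generic-password",
        "regex": r'(?i)password\s*=\s*["\']([^"\']{6,})["\']',
        "secretGroup": 1,
        "entropy": 0.0,   # no entropy gate: every quoted password literal is reported
    },
]

# Constructed sample file content; none of these values is a real credential
SAMPLE = """\
API_KEY = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
api_key: "A8f3Kq9ZxL2mN7pW4vR6tY1uB5cD0eG3"
password = "hunter2"
DEBUG = True
"""


def shannon_entropy(s: str) -> float:
    """H = -sum(p * log2 p) over the characters of s; 0.0 for one repeated char."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan(text: str, rules=RULES, path="sample.env"):
    """Return findings shaped like entries of a gitleaks JSON report."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule in rules:
            for m in re.finditer(rule["regex"], line):
                secret = m.group(rule["secretGroup"])
                ent = shannon_entropy(secret)
                if ent < rule["entropy"]:
                    continue  # regex hit, but too uniform to be a real secret
                findings.append({
                    "RuleID": rule["id"], "File": path, "StartLine": lineno,
                    "Secret": secret, "Entropy": round(ent, 3),
                    # file:rule:line is the fingerprint form used in .gitleaksignore
                    "Fingerprint": f"{path}:{rule['id']}:{lineno}",
                })
    return findings
```

On the sample, the 32-character placeholder matches the regex but has zero entropy and is dropped, while the random-looking key (about 4.9 bits per character) and the password literal are reported.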