implementing-secret-scanning-with-gitleaks

Featured

This skill covers implementing Gitleaks for detecting and preventing hardcoded secrets in git repositories. It addresses configuring pre-commit hooks, CI/CD pipeline integration, custom rule authoring for organization-specific secrets, baseline management for existing repositories, and remediation workflows for exposed credentials.

Category: AI & Automation · Stars: 12,642 · Forks: 1,468 · Updated today · License: Apache-2.0

Quality Score: 99/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Implementing Secret Scanning with Gitleaks

## When to Use

- When developers may accidentally commit API keys, passwords, tokens, or private keys to repositories
- When establishing pre-commit gates that prevent secrets from entering the git history
- When scanning existing repository history for previously committed secrets that need rotation
- When compliance requirements mandate secret detection across all source code repositories
- When migrating from manual secret audits to automated continuous scanning

**Do not use** for detecting secrets in running applications or memory (use runtime secret detection), for managing secrets after detection (use Vault or AWS Secrets Manager), or for scanning container images (use Trivy or Grype).

## Prerequisites

- Gitleaks v8.18+ installed via binary, Go install, or Docker
- Pre-commit framework installed for local hook integration
- Git repository with history to scan
- CI/CD platform access (GitHub Actions, GitLab CI, or equivalent)

## Workflow

### Step 1: Install and Run Initial Repository Scan

Perform a baseline scan of the repository to identify all existing secrets in the git history.

```bash
# Install Gitleaks
brew install gitleaks  # macOS
# or download binary from https://github.com/gitleaks/gitleaks/releases

# Scan entire git history for secrets
gitleaks detect --source . --report-format json --report-path gitleaks-report.json -v

# Scan only staged changes (for pre-commit)
gitleaks protect --staged --report-format ...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

secrets-gitleaks
Category: Code & Development (Solid) · Stars: 335 · Updated today · Author: aiskillstore

Hardcoded secret detection and prevention in git repositories and codebases using Gitleaks. Identifies passwords, API keys, tokens, and credentials through regex-based pattern matching and entropy analysis. Use when: (1) Scanning repositories for exposed secrets and credentials, (2) Implementing pre-commit hooks to prevent secret leakage, (3) Integrating secret detection into CI/CD pipelines, (4) Auditing codebases for compliance violations (PCI-DSS, SOC2, GDPR), (5) Establishing baseline secret detection and tracking new exposures, (6) Remediating historical secret exposures in git history.

implementing-secrets-scanning-in-ci-cd
Category: DevOps & Infrastructure (Featured) · Stars: 12,642 · Updated today · Author: mukul975

Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment.

secret-detection-scanner
Category: AI & Automation (Solid) · Stars: 1,034 · Updated today · Author: a5c-ai

Detect secrets, credentials, and sensitive data in code and configurations. Scan git history for secrets, detect API keys, tokens, passwords, check environment files, monitor CI/CD logs for exposure, generate remediation steps, and track secret rotation status.

implementing-devsecops-security-scanning
Category: AI & Automation (Featured) · Stars: 12,642 · Updated today · Author: mukul975

Integrates Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) into CI/CD pipelines using open-source tools. Covers Semgrep for SAST, Trivy for SCA and container scanning, OWASP ZAP for DAST, and Gitleaks for secrets detection. Activates for requests involving DevSecOps pipeline setup, automated security scanning in CI/CD, SAST/DAST/SCA integration, or shift-left security implementation.

secret-detection
Category: AI & Automation (Solid) · Stars: 14 · Updated 3 days ago · Author: sawrus

Detect secrets in code, git history, and running containers: pre-commit hooks, CI scanning, and incident response for exposed credentials.