gitleaks
by gitleaks
Gitleaks is a powerful tool designed to detect secrets such as passwords, API keys, and tokens in git repositories and other input sources to prevent sensitive data leaks.
Find secrets with Gitleaks 🔑
Primary Use Case
Gitleaks is primarily used by developers, security engineers, and DevOps teams to scan git repositories and codebases for accidental inclusion of sensitive information before code is committed or merged. It helps enforce security compliance by automating secret detection in CI/CD pipelines and pre-commit hooks, reducing the risk of credential exposure.
- Detects secrets like passwords, API keys, and tokens in git repos and files
- Supports scanning input from stdin for flexible usage
- Can be integrated as a GitHub Action for automated scanning in workflows
- Available as a pre-commit hook to prevent secrets from entering repos
- Multi-platform support with binaries, Homebrew, Docker, and source builds
- Provides detailed findings including file, line, commit, author, and entropy
- Open source with active community and Discord support
- Extensible detection engine based on regex rules
Installation
- Install on macOS using Homebrew: brew install gitleaks
- Pull and run the Docker image from DockerHub: docker pull zricethezav/gitleaks:latest
- Run Docker container with volume mount: docker run -v ${path_to_host_folder_to_scan}:/path zricethezav/gitleaks:latest [COMMAND] [OPTIONS] [SOURCE_PATH]
- Pull and run Docker image from ghcr.io: docker pull ghcr.io/gitleaks/gitleaks:latest
- Clone the repository: git clone https://github.com/gitleaks/gitleaks.git
- Build from source using Go: cd gitleaks && make build
Usage
- gitleaks git -v: Runs gitleaks with verbose output to detect secrets in the current git repository
- docker run -v ${path_to_host_folder_to_scan}:/path zricethezav/gitleaks:latest [COMMAND] [OPTIONS] [SOURCE_PATH]: Runs gitleaks inside a Docker container, scanning the specified source path
- Use Gitleaks as a GitHub Action in workflows triggered on pull_request or push: Automates secret scanning in CI/CD pipelines using the official gitleaks GitHub Action
- Integrate Gitleaks into CI/CD pipelines as a pre-commit hook or GitHub Action to automate secret detection and prevent leaks before code merges.
- Extend detection rules with custom regex patterns tailored to organizational secret formats for enhanced coverage.
- Use findings metadata (commit, author, file) to quickly triage and remediate exposed secrets, improving incident response times.
- Combine with secret management solutions to automate secret rotation upon detection of exposed credentials.
- Leverage multi-platform support (Docker, Homebrew, CLI) to embed scanning in diverse developer environments and workflows.