
Commit b966e9c

committed
feat(apps): add gitleaks to detect leaked secrets into git
1 parent 0ae4aaf commit b966e9c

3 files changed

+19
-0
lines changed

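--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -12,6 +12,7 @@ env:
 tfsec_version: "1.28.13" # https://github.com/aquasecurity/tfsec/releases
 tf_summarize_version: "0.3.14" # https://github.com/dineshba/tf-summarize/releases
 gitlab_terraform: "1.8.0" # https://gitlab.com/gitlab-org/terraform-images/-/tags
+gitleaks_version: "8.20.1" # https://github.com/gitleaks/gitleaks/releases
 
 jobs:
 build:
@@ -75,6 +76,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -96,6 +98,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -117,6 +120,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -138,6 +142,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -159,6 +164,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -201,6 +207,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |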

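--- a/Dockerfile
+++ b/Dockerfile
@@ -36,6 +36,12 @@ ARG GITLAB_TERRAFORM
 RUN wget -q -O /usr/local/bin/gitlab-terraform https://gitlab.com/gitlab-org/terraform-images/-/raw/v${GITLAB_TERRAFORM}/src/bin/gitlab-terraform.sh
 RUN chmod +x /usr/local/bin/gitlab-terraform
 
+ARG GITLEAKS_VERSION
+
+RUN curl -fsSL -o /tmp/gitleaks.tar.gz https://github.com/zricethezav/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz
+RUN tar xzf /tmp/gitleaks.tar.gz -C /tmp && rm /tmp/gitleaks.tar.gz
+RUN mv /tmp/gitleaks /usr/local/bin/gitleaks && chmod +x /usr/local/bin/gitleaks
+
 FROM cookielab/slim:12.9
 
 RUN apt update && apt install -y openssl wget curl zip python3 tzdata jq git idn2 \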
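Review bot: The gitleaks tarball fetched by the added `RUN curl` is extracted and installed with no integrity check, so `GITLEAKS_VERSION` pins a URL rather than the bytes that land in `/usr/local/bin/gitleaks`; the identical lines added to Dockerfile.alpine have the same gap. The URL also uses the `zricethezav/gitleaks` owner while the workflow comment points at `gitleaks/gitleaks`, so the download relies on a rename redirect and should name the canonical owner instead. I would pass a pinned digest as a second build arg (called `GITLEAKS_SHA256` below, a name chosen for this note that would need wiring in container.yml next to `gitleaks_version`) and verify it before extracting, in a single RUN so an unset or wrong digest fails the build. The build stage starts above the hunk, so the presence of `sha256sum` there is assumed.

```dockerfile
ARG GITLEAKS_VERSION
# Proposed: expected SHA-256 of the release tarball, pinned in the repo next to the version.
ARG GITLEAKS_SHA256

RUN curl -fsSL -o /tmp/gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz \
 && echo "${GITLEAKS_SHA256}  /tmp/gitleaks.tar.gz" | sha256sum -c - \
 && tar xzf /tmp/gitleaks.tar.gz -C /usr/local/bin gitleaks \
 && rm /tmp/gitleaks.tar.gz \
 && chmod +x /usr/local/bin/gitleaks
```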

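--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -36,6 +36,12 @@ ARG GITLAB_TERRAFORM
 RUN wget -q -O /usr/local/bin/gitlab-terraform https://gitlab.com/gitlab-org/terraform-images/-/raw/v${GITLAB_TERRAFORM}/src/bin/gitlab-terraform.sh
 RUN chmod +x /usr/local/bin/gitlab-terraform
 
+ARG GITLEAKS_VERSION
+
+RUN curl -fsSL -o /tmp/gitleaks.tar.gz https://github.com/zricethezav/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz
+RUN tar xzf /tmp/gitleaks.tar.gz -C /tmp && rm /tmp/gitleaks.tar.gz
+RUN mv /tmp/gitleaks /usr/local/bin/gitleaks && chmod +x /usr/local/bin/gitleaks
+
 FROM cookielab/alpine:3.21
 
 RUN apk --update --no-cache add openssl wget curl zip python3 tzdata jq git idn2-utils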
