Protect and discover secrets using Git-leaks

02Aug

  • Git-leaks is a SAST tool for detecting and preventing hardcoded secrets such as passwords, API keys and tokens in Git repositories.
  • Git-leaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code: it scans the commit history as well as the current tree.
  • In this setup Git-leaks runs as a GitHub Actions workflow in every repository we want to monitor for sensitive secret patterns.

Example of a basic Git-leaks workflow:

(screenshot: the workflow file)

The workflow above does a couple of things:

  • It runs only on a push (direct commit) to the main branch or a pull request targeting main. This is defined in the ‘on’ section of the workflow file.
  • The job runs on the latest Ubuntu runner (ubuntu-latest).
  • The steps in the job check out the repository and install Git-leaks.
  • Git-leaks scans the repository; any leaks it finds are printed in the Action log and written to a report that is uploaded as a workflow artifact.
  • When needed, we can download that report to locate the leaks in the repository.
  • With a few public actions you can also post the results as a comment on the pull request.
  • This is a useful way to catch secrets before they are merged into the main/master branch.
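The workflow described in the list above, written out as an added example in place of the original screenshot (this is not the post's own file). The file name, the pinned Git-leaks release (8.18.4) and the action versions are assumptions; the CLI flags are those of the gitleaks v8 `detect` command.

```yaml
# .github/workflows/gitleaks.yml   (added example; file name is an assumption)
name: Git-leaks secret scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  # Also callable from other repositories' workflows (reusable workflow).
  workflow_call:

# Least privilege: the scan only needs to read the checkout.
permissions:
  contents: read

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    env:
      # Assumed pinned release. Bump it deliberately; never install "latest".
      GITLEAKS_VERSION: 8.18.4
    steps:
      - name: Check out repository (full history)
        uses: actions/checkout@v4
        with:
          # fetch-depth 0 fetches every commit. With the default shallow clone
          # Git-leaks would only see the tip commit and miss older leaks.
          fetch-depth: 0

      - name: Install Git-leaks
        run: |
          set -euo pipefail
          base="https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}"
          tarball="gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz"
          curl -sSfL -o "${tarball}" "${base}/${tarball}"
          curl -sSfL -o checksums.txt "${base}/gitleaks_${GITLEAKS_VERSION}_checksums.txt"
          # Refuse to run a tarball that does not match the published checksums.
          sha256sum --check --ignore-missing checksums.txt
          tar -xzf "${tarball}" gitleaks
          sudo install -m 0755 gitleaks /usr/local/bin/gitleaks
          gitleaks version

      - name: Scan repository history
        # --redact keeps the secret values themselves out of the Action log and
        # the report; --exit-code 1 fails the job, which fails the PR check.
        run: |
          gitleaks detect --source . --verbose --redact \
            --report-format json --report-path gitleaks-report.json \
            --exit-code 1

      - name: Upload Git-leaks report
        # always() runs this step even after the scan step failed, so the
        # report is available for download exactly when there is something in it.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: gitleaks-report
          path: gitleaks-report.json
```

Two details are easy to get wrong: without `fetch-depth: 0` the scan covers only the latest commit, so a secret committed and then "removed" in a later commit is never reported; and without `if: always()` the artifact step is skipped on exactly the runs that found something. Downloading the checksum file from the same release only protects against a corrupted download; to defend against a tampered release as well, pin the expected SHA-256 of the tarball in the workflow.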

Results:

Git-leaks Actions log Report:

  • In the GitHub Actions live logs you will see something like this when no leaks are detected:

(screenshot: Actions log with no leaks detected)

 

Git-leaks report artifact:

When leaks are present, the report can be downloaded from the artifacts of the workflow run in GitHub Actions.

(screenshot: report artifact in the workflow run)

 

Pull Request Comments:

  • An easy-to-understand summary of the Git-leaks job. If no leaks are detected in the pull request, you'll see:

(screenshot: pull-request comment, no leaks detected)

 

  • If leaks are found in a pull request, you'll see something like this:

(screenshot: pull-request comment listing the leaks)

 

How to remove valid (true-positive) detected secrets:

  • Treat any secret that has reached a remote repository as compromised and rotate it first; deleting it from the code does not undo the exposure, because the value remains in clones and in the Git history.
  • Use the report artifact or the pull-request comment to find where the secret is leaking, then remove it from the code (for example by moving it into a GitHub Actions secret or another secret store and reading it at runtime).
  • To remove the secret from the commit history as well, rewrite the history with BFG Repo-Cleaner and force-push the cleaned branches.

 

Benefits of using Git-leaks with GitHub Actions:

  • Useful for identifying leaks such as passwords, API keys and tokens in GitHub repositories.
  • With GitHub Actions you get the report both in the live logs and as a comment on the pull request.
  • With reusable workflows you can trigger the same scan from every repository's workflow and collect the results in one place.
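As an added example of the reusable-workflow point above (not from the original post): a caller workflow that runs a shared Git-leaks workflow maintained in a central repository. It assumes that repository publishes a workflow with `on: workflow_call` containing the scan steps; the organisation, repository, path and tag are assumptions.

```yaml
# .github/workflows/secret-scan.yml in any repository that should be scanned
# (added example; example-org/security-workflows and its tag are assumptions)
name: Secret scan (shared Git-leaks workflow)

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# The called workflow inherits these permissions; it only needs read access.
permissions:
  contents: read

jobs:
  gitleaks:
    # Pin to a tag or commit SHA, not a moving branch, so a change to the shared
    # workflow cannot silently alter what runs in every repository.
    uses: example-org/security-workflows/.github/workflows/gitleaks.yml@v1
```

The called workflow checks out and scans the caller's repository, so each repository only carries this short file, and the scan logic, Git-leaks version and report handling are changed in one place.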
