Skip to content

Add GitLab CI template for secret scanning with Gitleaks #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

Add GitLab CI template for secret scanning with Gitleaks #44

wants to merge 21 commits into from

Conversation

rtrofimenkov-ssdlc
Copy link
Contributor

@rtrofimenkov-ssdlc rtrofimenkov-ssdlc commented Oct 7, 2025
edited
Loading

What's added:

  • New gitleaks.gitlab-ci.yml template for automatic secret detection in code
  • Support for two scan modes: diff (PR changes only) and full (entire repository)
  • Automatic Gitleaks v8.28.0 installation with Linux x64/ARM64 support
  • GitLab CI integration via three jobs:
    • gitleaks_diff - for MRs (automatic)
    • gitleaks_full_manual - for manual runs
    • gitleaks_full_scheduled - for scheduled scans
  • Custom configuration support via gitleaks.toml
  • Detailed results output with links to problematic code locations
  • JSON report artifacts for further analysis

Usage:

include:
  - remote: 'https://raw.githubusercontent.com/deckhouse/modules-gitlab-ci/refs/heads/main/templates/gitleaks.gitlab-ci.yml'

This template complements the existing Deckhouse CI template ecosystem, providing additional security for module development.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rtrofimenkov-ssdlc