我正在尝试在 GitLab CI 中手动设置 gitleaks 来扫描我的 GitLab 存储库以获取 secret 。我想我的工作配置错误。作业通过,但输出一个未知标志“c”
,并且 gitleaks 帮助对话,但没有预期的基于 gitleaks 的实际输出。
我的`.gitlab-ci.yml'看起来像:
stages:
- security
gitleaks:
stage: security
image: zricethezav/gitleaks
script:
- gitleaks --verbose --repo-path=$PWD
有什么建议我可能会出错吗?
最佳答案
stages:
- leaks
- test
leaks:gitleaks:
stage: leaks
image:
name: "zricethezav/gitleaks"
entrypoint: [""]
script:
- gitleaks -v --repo-path=./ --config=gitleaks.toml
您可以调整阶段名称,但添加一个空入口点和 config file可能有帮助。
请注意,GitLab 14.7 (2022 年 1 月),Gitleaks 性能有了一些重大改进。
Building on the large rule expansion included in GitLab 14.5, we are updating our GitLab Secret Detection analyzer, Gitleaks, to the next major version 8.
This new, major version includes massive performance updates and a complete rewrite of its core detection engine.
Secret Detection historical scans should now run much faster, with a large reduction in memory usage.
This means both faster detection and shorter (and more efficient) pipelines.
This change also sets us up to make more performance improvements that will improve all non-historical Secret Detection job runs in the future.See Documentation and Issue.
关于gitlab-ci - gitlab ci 中的 gitleaks,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58211902/