
3.3.2 Integrating Gitleaks with GHA

In this section, let's explore how to integrate Gitleaks with GitHub Actions in practice, using both scenarios discussed earlier.

✅ Prepare the Code

The commands below prepare the code for integrating the Gitleaks GitHub Action into all the workflow files created so far, and also add a gitleaks.yaml workflow for a cron-job GitHub Action.

cd ~/playground/
git checkout main
git pull
cp -r ~/s4cpcode/chapter3/3D/. ~/playground/
git status
git add .
git commit -m "adding gitleaks"
git push

⚡ Triggering Gitleaks

  • The commands below insert dummy AWS keys into the provider.tf file.
  • They also create a new branch called gitleaks.

cp -r ~/s4cpcode/chapter3/3DD/. ~/playground/
cd ~/playground/
git checkout -b gitleaks
git status
git add .
git commit -m "triggering gitleaks"
git push --set-upstream origin gitleaks

🔄 Create PR

Please create a PR from the gitleaks branch to the main branch.

๐Ÿ” View PRโ€‹

  • As can be seen, Gitleaks caught the keys we accidentally (:-P) leaked.

PR Failure

The PR failed because an incorrect configuration was purposely introduced. PRs should not fail because of any security tool, as that reduces the productivity of engineering teams.
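
For orientation, here is a workflow covering both scenarios with the scan made non-blocking. It is an added example, not the course's gitleaks.yaml, whose contents are not shown on this page. It assumes the two scenarios are a scan on pull requests and a scheduled (cron) scan; the file name, cron time, permissions block and the use of `continue-on-error` are assumptions.

```yaml
# .github/workflows/gitleaks-example.yaml  (hypothetical file name, added example)
name: gitleaks-example

on:
  pull_request:              # scenario 1: scan the commits of every PR
  schedule:
    - cron: "0 4 * * *"      # scenario 2: scheduled scan; the time is an assumed value
  workflow_dispatch:         # allow a manual run as well

# Least privilege for the job token (assumption: read the repo, comment on PRs).
permissions:
  contents: read
  pull-requests: write

jobs:
  gitleaks:
    runs-on: ubuntu-latest
    steps:
      - name: Check out full history
        uses: actions/checkout@v4
        with:
          fetch-depth: 0     # a shallow clone would hide earlier commits from the scan

      - name: Run Gitleaks
        uses: gitleaks/gitleaks-action@v2
        # Assumption: one way to keep a finding from failing the PR check.
        # The step is still marked as failed in the run, so the finding stays visible.
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

With `continue-on-error: true` the job no longer reports a failure, so someone has to review the step result, the job summary or the PR comment for findings to be acted on.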