Describe the bug
gitleaks pre-commit hook scans the staged files instead of the files that pre-commit requests to scan.
To Reproduce
Steps to reproduce the behavior:
# assuming pre-commit 2.21.0, go 1.22.3
mkdir -p precommit-reproduce
rm -rf precommit-reproduce/*
cd precommit-reproduce
git init
cat > .pre-commit-config.yaml <<EOF
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.2
    hooks:
      - id: gitleaks
EOF
echo "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=cafebabe:deadbeef" > leak.go
git add .pre-commit-config.yaml leak.go
git commit -m "Initial commit with a leak"
pre-commit install
pre-commit run --files leak.go # succeeds, but should not
echo "export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=cafebabe:deadbeef" >> leak.go
git add leak.go
# This one fails as expected.
git commit -m "Add another leak"
Expected behavior
pre-commit run --files leak.go should fail with a message about a leak
Screenshots
none
Basic Info (please complete the following information):
OS: Ubuntu 20.04
Gitleaks Version: 8.18.2
Additional context
pre-commit run --files is a use case e.g. in a merge-gate scenario in CI. A generic way of running pre-commit on all changed files in a PR is to git diff the changes between source and target branch, then feed the list to pre-commit.
The workaround is probably to use gitleaks-action or to write custom code which creates a scan baseline. But couldn't gitleaks accept a list of files to scan, so that it integrates nicely with less-commonly-used commands of pre-commit?
cc @zricethezav
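The merge-gate workaround sketched in the issue, as an added example that is not part of the original report and is not gitleaks or pre-commit code: it exports the files changed between two revisions and scans that copy with `gitleaks detect --no-git`, so the result does not depend on what is staged. The function names, the BASE/HEAD arguments and the scratch-directory layout are assumptions.

```sh
# Added example (not gitleaks or pre-commit code). Function names, the BASE/HEAD
# arguments and the scratch-directory layout are assumptions for illustration.

# List paths added, copied, modified or renamed between merge-base(BASE, HEAD)
# and HEAD, one per line. Paths containing newlines are not supported.
changed_files() {
  git -c core.quotePath=false diff --name-only --diff-filter=ACMR "$1...$2"
}

# Write the HEAD-side blob of every changed path under DEST, keeping the
# directory layout. Reading from the commit rather than the work tree or the
# index means the scan sees exactly what the merge would bring in.
export_changed() (
  base=$1 head=$2 dest=$3
  changed_files "$base" "$head" | while IFS= read -r path; do
    mkdir -p "$dest/$(dirname "$path")"
    # Submodule entries are not blobs in this repository; skip them.
    git cat-file blob "$head:$path" > "$dest/$path" 2>/dev/null || rm -f "$dest/$path"
  done
)

# Merge gate: non-zero exit status when gitleaks reports findings.
merge_gate_scan() (
  scratch=$(mktemp -d)
  export_changed "$1" "$2" "$scratch"
  rc=0
  gitleaks detect --no-git --redact --source "$scratch" || rc=$?
  rm -rf "$scratch"
  exit "$rc"
)
```

In CI this would be called as `merge_gate_scan origin/<target-branch> HEAD` from inside the checked-out repository.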