Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks aims to be the easy-to-use, all-in-one solution for finding secrets, past or present, in your code.
- Scans for commited secrets
- Scans for uncommitted secrets as part of shifting security left
- Available Github Action
- Gitlab and Github API support which allows scans of whole organizations, users, and pull/merge requests
- Custom rules via toml configuration
- High performance using go-git
- JSON and CSV reporting
- Private repo scans using key or password based authentication
This project is documented here
These users are sponsors of gitleaks:
 |
 |
|---|
The Gitleaks logo uses the Git Logo created Jason Long is licensed under the Creative Commons Attribution 3.0 Unported License.
