Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks aims to be the easy-to-use, all-in-one solution for finding secrets, past or present, in your code.

Features:

• Scans for commited secrets
• Scans for uncommitted secrets as part of shifting security left
• Available Github Action
• Gitlab and Github API support which allows scans of whole organizations, users, and pull/merge requests
• Custom rules via toml configuration
• High performance using go-git
• JSON and CSV reporting
• Private repo scans using key or password based authentication

Installation, Documentation and Examples

This project is documented here

Sponsors ❤️

Corporate Sponsors

Gamma proactively detects and remediates data leaks across cloud apps. Scan your public repos for secret leaks with Gamma

Individual Sponsors

These users are sponsors of gitleaks:

---

Logo Attribution

The Gitleaks logo uses the Git Logo created Jason Long is licensed under the Creative Commons Attribution 3.0 Unported License.