
chore(deps): update gitleaks/gitleaks-action action to v2 #504

Open
wants to merge 1 commit into
base: dev
Conversation

@renovate renovate bot commented Jan 2, 2023

This PR contains the following updates:

Package: gitleaks/gitleaks-action | Type: action | Update: major | Change: v1.6.0 -> v2.3.7

Release Notes

gitleaks/gitleaks-action (gitleaks/gitleaks-action)

v2.3.7

Compare Source

What's Changed

New Contributors

Full Changelog: gitleaks/gitleaks-action@v2.3.6...v2.3.7

v2.3.6

Compare Source

What's Changed

New Contributors

Full Changelog: gitleaks/gitleaks-action@v2...v2.3.6

v2.3.5

Compare Source

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2...v2.3.5

v2.3.4

Compare Source

Full Changelog: gitleaks/gitleaks-action@v2.3.3...v2.3.4

v2.3.3

Compare Source

What's Changed

New Contributors

Full Changelog: gitleaks/gitleaks-action@v2.3.2...v2.3.3

v2.3.2

Compare Source

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2.3.1...v2.3.2

v2.3.1

Compare Source

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2.3.0...v2.3.1

v2.3.0

Compare Source

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2...v2.3.0

v2.2.1

Compare Source

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2...v2.2.1

v2.2.0

Compare Source

What's Changed

You can now run scheduled runs with gitleaks-action. A scheduled gitleaks-action will scan the entire history of a repo. You can set up a scheduled run by adding schedule to the on entry:

on:
  pull_request:
  push:
  workflow_dispatch:
  schedule:
    - cron: "0 4 * * *" # run once a day at 4 AM

Full Changelog: gitleaks/gitleaks-action@v2...v2.2.0

v2.1.4

Compare Source

What's Changed

v2.1.3

Compare Source

What's New

v2.1.2

Compare Source

v2.1.1

Compare Source

What's New
  • Fixes 0 commit scans on initial PR commit #82

v2.1.0

Compare Source

What's new

v2.0.8

Compare Source

What's New

v2.0.7

Compare Source

What's Changed:

v2.0.6

Compare Source

What's New:

v2.0.5

Compare Source

What's New
  • Fix edge case on initial commit to repo when base and head refs are the same.

v2.0.4

Compare Source

What's New

v2.0.3

Compare Source

What's New
  • Use eventJson.commits for commit range rather than eventJson.before and eventJson.after. This fixes invalid revision range on push event errors.

v2.0.2

Compare Source

What's New
  • Fixed action.yml name so this action can be published on the marketplace

v2.0.1

Compare Source

What's New
  • Individual user accounts do not need to obtain a license key. 🎉
  • Added GITLEAKS_ENABLE_SUMMARY env var option to enable or disable Gitleaks-action job summaries (defaults to true)
  • Added GITLEAKS_ENABLE_UPLOAD_ARTIFACT env var option to enable or disable Gitleaks-action job artifact uploads (defaults to true)

v2.0.0

Compare Source

What's Changed

Gitleaks-Action Version 2 brings a range of new features including:

1. On demand scans

You can now use workflow_dispatch events to trigger on demand gitleaks scans.

Screen Shot 2022-05-30 at 8 30 31 PM
2. Gitleaks report artifact uploads

Not much more to say here. Download reports when leaks are present. Pretty useful feature.

Screen Shot 2022-05-30 at 9 20 36 PM
3. Powered by the latest version of Gitleaks

The latest version of gitleaks (v8.8.6 at the time of writing) has better performance, more configuration options, and is more accurate than the previous major version.

4. Job summaries

Easy to understand report of a Gitleaks job. If no leaks are detected you'll see:

Screen Shot 2022-05-30 at 9 26 10 PM

If leaks are detected you'll see something like:

Screen Shot 2022-05-30 at 8 41 07 PM
5. Faster job times

Gitleaks-Action Version 2 does not rely on Docker build anymore.

6. Pull Request Comments

If a leak is encountered during a pull request, gitleaks-action will comment on the line number and commit containing the secret.

Screen Shot 2022-05-31 at 9 31 06 PM
What's fixed
  • Older versions of the gitleaks-action relied on using git log to determine the range of commits. Version 2 of gitleaks-action ensures that only relevant commits are scanned by leveraging Action context and GitHub's API.

Getting started with Version 2

Getting a License-Key (ONLY FOR ORGANIZATION REPOS, USER ACCOUNTS DO NOT NEED A LICENSE KEY)

Before enabling Gitleaks-Action Version 2, you will need to obtain a gitleaks-action license key from gitleaks.io if you are using gitleaks within the context of an organization. If you are using gitleaks-action on a user account's repo, you do not need a license key. You can sign up for a free license key that will grant you access to use gitleaks-action on one repo. The free tier sign up link will take you to a Google Forms page where you can fill out your information. After filling out your information, you should receive an email similar to the one below.

Screen Shot 2022-06-02 at 2 38 27 PM

NOTE: be patient with the free tier, the google forms API can be slow.

NOTE: 1 free license per account.

If you would like access to more repos for your organization or personal account, you can subscribe to one of the paid tiers which will grant you access to use Gitleaks-Action Version 2 on 10, 100, or 1000 repos.

Setting the GITLEAKS_LICENSE secret

After getting a license key, head over to your github organization's or repo's settings and set GITLEAKS_LICENSE as a secret. Great! You can now run gitleaks-action v2:

name: gitleaks
on: [pull_request, push, workflow_dispatch]
jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: zricethezav/gitleaks-action@v2.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
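The release notes quoted above describe the v2 pieces separately: the getting-started workflow (v2.0.0), scheduled full-history scans (v2.2.0), on-demand `workflow_dispatch` runs, and the `GITLEAKS_ENABLE_SUMMARY` / `GITLEAKS_ENABLE_UPLOAD_ARTIFACT` toggles (v2.0.1). The following is an added example workflow, not code from this PR or from the gitleaks-action project, that puts those pieces together against the version this PR targets (`gitleaks/gitleaks-action@v2.3.7`). The `permissions` block is an assumption on my part (a least-privilege token that can still post the PR comments the v2 notes describe); the secret names are the ones the release notes use.

```yaml
# Added example: a single gitleaks-action v2 workflow combining the features
# listed in the v2 release notes. Not from the PR or the gitleaks-action repo.
name: gitleaks

on:
  pull_request:
  push:
  workflow_dispatch:          # on-demand scans (v2.0.0)
  schedule:
    - cron: "0 4 * * *"       # daily full-history scan at 04:00 UTC (v2.2.0)

# Assumption: restrict the job token to what the action needs. Reading
# contents is required for the scan; pull-requests: write lets the action
# leave the inline comment on a leaking line that the v2 notes describe.
permissions:
  contents: read
  pull-requests: write

jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # Full history so scheduled runs can scan every commit and push/PR
          # commit ranges resolve; a shallow clone would miss old leaks.
          fetch-depth: 0

      - uses: gitleaks/gitleaks-action@v2.3.7
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Only organization repos need a license; user-account repos may
          # omit this line entirely (v2.0.1).
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
          # Both default to true; shown explicitly so the choice is reviewable.
          GITLEAKS_ENABLE_SUMMARY: "true"
          GITLEAKS_ENABLE_UPLOAD_ARTIFACT: "false"
```

One design choice worth stating: the report artifact that v2 uploads when leaks are found contains the matched secret strings themselves, so it is visible to anyone who can download run artifacts for the repository. Setting `GITLEAKS_ENABLE_UPLOAD_ARTIFACT` to `"false"` keeps the job summary and PR comment (which point at the commit and line) while leaving the raw report out of the artifact store; re-enable it when the team that triages findings actually needs the full report.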

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jan 2, 2023
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch 2 times, most recently from 728fe6c to b0e6617 Compare January 4, 2023 23:32
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch from b0e6617 to 4887d55 Compare January 12, 2023 17:05
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch from 4887d55 to 825dbae Compare January 28, 2023 17:26
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch 4 times, most recently from f95ff94 to 1d39073 Compare March 23, 2023 17:08
@renovate renovate bot changed the title from "chore(deps): update gitleaks/gitleaks-action action to v2" to "chore(deps): update gitleaks/gitleaks-action action to v2 - autoclosed" Apr 4, 2023
@renovate renovate bot closed this Apr 4, 2023
@renovate renovate bot deleted the renovate/gitleaks-gitleaks-action-2.x branch April 4, 2023 01:54
@renovate renovate bot changed the title from "chore(deps): update gitleaks/gitleaks-action action to v2 - autoclosed" to "chore(deps): update gitleaks/gitleaks-action action to v2" Apr 4, 2023
@renovate renovate bot reopened this Apr 4, 2023
@renovate renovate bot restored the renovate/gitleaks-gitleaks-action-2.x branch April 4, 2023 10:26
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch 3 times, most recently from 1e3ef0b to cbfabef Compare July 11, 2023 16:30
@renovate renovate bot changed the base branch from master to dev July 11, 2023 16:30
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch 2 times, most recently from cd21abc to 6f91212 Compare September 28, 2023 08:36
@sonarcloud sonarcloud bot commented Sep 28, 2023

Kudos, SonarCloud Quality Gate passed!

Bug: A (0 Bugs)
Vulnerability: A (0 Vulnerabilities)
Security Hotspot: A (0 Security Hotspots)
Code Smell: A (0 Code Smells)

No Coverage information
No Duplication information

@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch from 6f91212 to e14e5f2 Compare February 8, 2024 23:09
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch from e14e5f2 to abe3c48 Compare February 22, 2024 04:07
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch 2 times, most recently from bf78937 to 08873fb Compare May 30, 2024 15:45
@renovate renovate bot force-pushed the renovate/gitleaks-gitleaks-action-2.x branch from 08873fb to 3c8e67b Compare October 14, 2024 05:25