Gitleaks Install
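# Install gitleaks
brew install gitleaks

# Configure git hooks.
# A global core.hooksPath replaces every repository's own .git/hooks
# directory, so hooks installed per repository stop running once it is set.
touch ~/.gitconfig
cp ~/.gitconfig ~/.gitconfig.bk
# Set the key with `git config` instead of appending another [core] section,
# so re-running this snippet does not pile up duplicate entries. The value is
# quoted to store the literal "~/git-hooks"; git expands it when reading.
git config --global core.hooksPath '~/git-hooks'
mkdir -p ~/git-hooks

# Create hook script
cat > ~/git-hooks/pre-commit <<'EOF'
#!/bin/bash
# Pre-commit hook: run gitleaks and block the commit when it reports leaks.
#
# This is a client-side check. `git commit --no-verify` and the SKIP_GITLEAKS
# variable below both bypass it, so it complements server-side or CI secret
# scanning and does not replace it.
#
# Options live in `set` rather than on the shebang line so they still apply
# when the hook is started as `bash pre-commit`.
set -euo pipefail

if ! command -v gitleaks &> /dev/null; then
  echo "ERROR: Gitleaks not installed!" >&2
  exit 1
fi

# Provide an escape hatch (for example committing gitleaks config files that
# contain offending strings). Any value other than NO skips the scan.
# The braces matter: without the opening brace the default is never applied,
# the comparison can never equal "NO", and `set -u` aborts the hook whenever
# the variable is unset.
if [[ "${SKIP_GITLEAKS:-NO}" != "NO" ]]; then
  echo SKIPPING GIT LEAKS AS ENV VAR IS SET
  exit 0
fi

# Provide a helpful error message for repos with no commits
if ! git rev-parse HEAD &> /dev/null; then
  cat >&2 <<'MSG'
It looks like this repo has just been initialised and has no commits.
Gitleaks requires at least one commit to exist in the repo.
Please create an empty root commit:
git reset; SKIP_GITLEAKS=YES git commit --allow-empty -m initial
then add and commit your code.
MSG
  exit 1
fi

repo_root=$(git rev-parse --show-toplevel)

# NOTE(review): --leaks-exit-code and --config-path are the flags this hook
# was written against; brew installs whatever release is current, so confirm
# them against `gitleaks --help` for the installed version.
# NOTE(review): gitleaks is given no option selecting staged or unstaged
# changes here; confirm that this invocation inspects the content being
# committed and not only the existing history.
#
# Use the repository's own config only when .gitleaks.toml is tracked at the
# repository root. --error-unmatch makes ls-files fail unless that exact path
# is tracked, whereas an unanchored grep for '.gitleaks.toml' also matches
# other paths that merely contain the name. A repository-supplied config can
# allowlist findings, so the scan is only as strict as that file.
if git ls-files --error-unmatch -- "${repo_root}/.gitleaks.toml" &> /dev/null; then
  gitleaks -v --leaks-exit-code=1 --config-path="${repo_root}/.gitleaks.toml"
else
  gitleaks -v --leaks-exit-code=1
fi
EOF
chmod +x ~/git-hooks/pre-commit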