From 70217bfef5ecb775894a7f96a41faaa5a065887a Mon Sep 17 00:00:00 2001 From: Pierre-Yves Lapersonne Date: Tue, 23 Jan 2024 16:14:49 +0100 Subject: [PATCH] doc(#605): add details about Gitleaks uses Signed-off-by: Pierre-Yves Lapersonne --- DEVELOP.md | 30 ++++++++++++++++++++++++++++++ THIRD-PARTY.md | 10 ++++++++-- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/DEVELOP.md b/DEVELOP.md index e2f96c88..d4f5231f 100644 --- a/DEVELOP.md +++ b/DEVELOP.md 
@@ -103,3 +103,33 @@ Then you can run the following command bellow to check if the _AppNews.json_ fil ```shell check-jsonschema --schemafile schema.json AppNews.json ``` + +## Use of Gitleaks + +[Gitleaks](https://gitleaks.io/) can be used to check if secrets can be leaked or not. +A [GitHub Action](https://github.com/gitleaks/gitleaks-action) has been integrated to the repository with a configuration file defined in _/github/workflows_ named _gitleaks-action.yaml_. +It will launch the _Gitleaks_ tool automatically. + +Howevere this tool does not detect plain API key mixed in URL, that is a reason why _Gitleaks_ can be called in a pre-commit hook, using the _giteaks.toml_ at the root of the prokect. +To call _Gitleaks_ in pre-commit hooks, create a file named **pre-commit** inside _.git/hooks_ (then run `chmod u+x` in the file). +The place the bash code bellow in this file: + +```bash +# Run Gitleaks before commits +echo "Running pre-commit hook: Use of gitleaks" +gitleaks detect -v -l debug --source . + +# If the command fails, prevent the commit +if [ $? -ne 0 ]; then + echo "Pre-commit hook failed. Aborting commit." + exit 1 +fi +``` + +Or just run when you want the command: + +```shell +gitleaks detect -v -l debug --source . +``` + +Note that we face some issues about the use of _Gitleaks GitHub Action_ and _Gitleaks_ as CLI command, for fur further details see [#131](https://github.com/gitleaks/gitleaks-action/issues/131), [#132](https://github.com/gitleaks/gitleaks-action/issues/132) and [#1331](https://github.com/gitleaks/gitleaks/issues/1331). \ No newline at end of file diff --git a/THIRD-PARTY.md b/THIRD-PARTY.md index 428d52c5..72774c2f 100644 --- a/THIRD-PARTY.md +++ b/THIRD-PARTY.md @@ -61,7 +61,7 @@ You may download the source code on the [following website](https://github.com/C ### Fastlane -Version 2.111.0 +Version 2.213.0 Copyright 2015-2022 The Fastlane Authors. 
@@ -86,6 +86,13 @@ Copyright 2020 cpfriend1721994. *fastlane-plugin-mattermost* is distributed under the terms and conditions of the [MIT License](http://opensource.org/licenses/MIT). You may download the source code on the [following website](https://github.com/cpfriend1721994/fastlane-plugin-mattermost). +### Gitleaks + +Copyright (c) 2019 Zachary Rice + +*gitleaks* is distributed under the terms and conditions of the [MIT License](http://opensource.org/licenses/MIT). +You may download the source code on the [following website](https://github.com/gitleaks/gitleaks). + ### SwiftFormat Version 0.49.18 @@ -104,7 +111,6 @@ Copyright 2020 Realm Inc. *SwiftLint* is distributed under the terms and conditions of the [MIT License](http://opensource.org/licenses/MIT). You may download the source code on the [following website](https://github.com/realm/SwiftLint). - ## For tests ### FileWithoutUTF8Content.jpg
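Review bot: the pre-commit script added in the DEVELOP.md hunk has no interpreter line, so Git cannot execute it as written; start the file with `#!/bin/sh` (or `#!/usr/bin/env bash`) before the first comment. Two more points in the same hunk: `gitleaks detect --source .` scans the repository's committed history rather than the changes about to be committed, so for a pre-commit hook `gitleaks protect --staged` is the command that checks the staged diff (and `if ! gitleaks ...; then` avoids the separate `$?` test); and the configuration file is referred to as `_giteaks.toml_` while the tool is spelled _Gitleaks_ everywhere else, so please confirm the real file name and, if it is not the default `.gitleaks.toml`, pass it explicitly with `--config`. The prose also needs a pass: `Howevere`, `bash code bellow`, `The place` (should be `Then place`), `prokect`, `fur further`, and the workflow path `_/github/workflows_` should read `.github/workflows`, which is the directory GitHub Actions actually reads. Since `.git/hooks` is not versioned, every contributor has to create this hook by hand; consider saying so, or pointing `core.hooksPath` at a tracked directory. The file also ends without a trailing newline.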
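Review bot: the Fastlane version bump from 2.111.0 to 2.213.0 in THIRD-PARTY.md is unrelated to the Gitleaks documentation announced by the commit subject (doc(#605)); either split it into its own commit or mention it in the message so the change is not lost in the history. The `Copyright 2015-2022` line just below it is left untouched, so check that it still matches the version now declared.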
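Review bot: the new `### Gitleaks` entry in THIRD-PARTY.md has no `Version` line, unlike the neighbouring Fastlane and SwiftFormat entries, so the release of gitleaks (and of the gitleaks-action used in the workflow) that the project depends on is not recorded; add it for consistency and so the issues linked in DEVELOP.md (#131, #132, #1331) can be matched to a known release. The final whitespace-only hunk that drops a blank line before `## For tests` is harmless but, like the Fastlane bump, unrelated to the subject.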