Documentation ¶
Index ¶
Constants ¶
const ( // No leaks or early exit due to invalid options Success = 0 LeaksPresent = 1 ErrorEncountered = 2 )
No leaks or early exit due to invalid options This block defines the exit codes. Success
Variables ¶
This section is empty.
Functions ¶
func GetAccessToken ¶
GetAccessToken accepts options and returns a string which is the access token to a git host. Setting this option or environment var is necessary if performing an scan with any of the git hosting providers in the host pkg. The access token set by cli options takes precedence over env vars.
func SSHAuth ¶
func SSHAuth(opts Options) (*ssh.PublicKeys, error)
SSHAuth tried to generate ssh public keys based on what was passed via cli. If no path was passed via cli then this will attempt to retrieve keys from the default location for ssh keys, $HOME/.ssh/id_rsa. This function is only called if the repo url using the git:// protocol.
Types ¶
type Options ¶
type Options struct { Verbose bool `short:"v" long:"verbose" description:"Show verbose output from scan"` Repo string `short:"r" long:"repo" description:"Target repository"` Config string `long:"config" description:"config path"` Disk bool `long:"disk" description:"Clones repo(s) to disk"` Version bool `long:"version" description:"version number"` Username string `long:"username" description:"Username for git repo"` Password string `long:"password" description:"Password for git repo"` AccessToken string `long:"access-token" description:"Access token for git repo"` FilesAtCommit string `long:"files-at-commit" description:"sha of commit to scan all files at commit"` Threads int `long:"threads" description:"Maximum number of threads gitleaks spawns"` SSH string `long:"ssh-key" description:"path to ssh key used for auth"` Uncommited bool `long:"uncommitted" description:"run gitleaks on uncommitted code"` RepoPath string `long:"repo-path" description:"Path to repo"` OwnerPath string `long:"owner-path" description:"Path to owner directory (repos discovered)"` Branch string `long:"branch" description:"Branch to scan"` Report string `long:"report" description:"path to write json leaks file"` ReportFormat string `long:"report-format" default:"json" description:"json, csv, sarif"` Redact bool `long:"redact" description:"redact secrets from log messages and leaks"` Debug bool `long:"debug" description:"log debug messages"` RepoConfig bool `long:"repo-config" description:"Load config from target repo. Config file must be \".gitleaks.toml\" or \"gitleaks.toml\""` PrettyPrint bool `long:"pretty" description:"Pretty print json if leaks are present"` // Commit Options Commit string `long:"commit" description:"sha of commit to scan or \"latest\" to scan the last commit of the repository"` Commits string `long:"commits" description:"comma separated list of a commits to scan"` CommitsFile string `long:"commits-file" description:"file of new line separated list of a commits to scan"` CommitFrom string `long:"commit-from" description:"Commit to start scan from"` CommitTo string `long:"commit-to" description:"Commit to stop scan"` CommitSince string `` /* 135-byte string literal not displayed */ CommitUntil string `` /* 129-byte string literal not displayed */ Timeout string `long:"timeout" description:"Time allowed per scan. Ex: 10us, 30s, 1m, 1h10m1s"` Depth int `long:"depth" description:"Number of commits to scan"` Deletion bool `long:"include-deletion" description:"Scan for patch deletions in addition to patch additions"` // Hosts Host string `long:"host" description:"git hosting service like gitlab or github. Supported hosts include: Github, Gitlab"` BaseURL string `` /* 170-byte string literal not displayed */ Organization string `long:"org" description:"organization to scan"` User string `long:"user" description:"user to scan"` PullRequest string `long:"pr" description:"pull/merge request url"` ExcludeForks bool `long:"exclude-forks" description:"scan excludes forks"` }
Options stores values of command line options
func ParseOptions ¶
ParseOptions is responsible for parsing options passed in by cli. An Options struct is returned if successful. This struct is passed around the program and will determine how the program executes. If err, an err message or help message will be displayed and the program will exit with code 0.
func (Options) CheckUncommitted ¶
CheckUncommitted returns a boolean that indicates whether or not gitleaks should check unstaged pre-commit changes or if gitleaks should check the entire git history
func (Options) CloneOptions ¶
CloneOptions returns a git.cloneOptions pointer. The authentication method is determined by what is passed in via command-Line options. If No Username/PW or AccessToken is available and the repo target is not using the git protocol then the repo must be a available via no auth.