Closed xortim closed 3 years ago
Hi @xortim, that is correct; scan-slim doesn't include many tools. This is the Dockerfile used: https://github.com/ShiftLeftSecurity/sast-scan/blob/master/ci/Dockerfile-dynamic-lang
@xortim gitleaks is now included in the scan-slim image. Could you kindly give it a try and let me know if it works for you?
Yup! Gitleaks works now, thank you!
Only one suggestion. The terraform lockfile is picked up by gitleaks due to the high entropy. Perhaps adjusting the default configuration to allow this and other common lockfiles.
I took a stab at it here #305
Great PR! Thanks @xortim !
I noticed that when using the scan-slim container, gitleaks doesn't appear to be installed.
Is this expected?