Closed calebcartwright closed 3 years ago
@calebcartwright Note that the docs for scan exists in a separate repo - https://github.com/ShiftLeftSecurity/scan-docs . Only this repo is deployed to https://slscan.io/en/latest/
Thanks @prabhu :+1: I actually couldn't find anything in the main docs site that helped me realize it was possible to customize the gitleaks rules with the rc file, just happened to stumble upon it here in this repo!
@calebcartwright Good feedback. Will add some sections to the docs and readme about the customizability aspects. Thanks for reporting!
I'm not sure if gitleaks ever had a `report-format` option, but it definitely doesn't any more. I ran into this because I needed to use a custom configuration with gitleaks to incorporate some additional regexes, and as I understand it, the only way to do that is with a .sastscanrc file. I started by just copying and extending the snippet from this TRICKS page and didn't realize the bad arg to gitleaks was the root cause of the issue I was seeing. The bad arg causes gitleaks to error but the behavior I saw with scan was a false pass that seemed to succeed but without finding secrets that I knew gitleaks should have been finding.
Ultimately a pebkac issue :smile: but I think it'd be helpful to remove the invalid opt from the documentation to hopefully prevent the same from happening to anyone else.
Finally, thanks for a wonderful tool! Took some time to figure out this issue but I've really been enjoying things now that I've got it working.
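The false pass the reporter describes (scanner rejects an unknown option, exits without writing a report, orchestrator reports "no secrets found") is a general fail-open pattern in scanner wrappers. The following is an added example, not code from sast-scan or from gitleaks, showing how a wrapper can classify a scanner run as clean, findings, or tool error instead of treating "no findings in the report" as success. The scanner command line, exit codes and report format are stand-ins: a small constructed fake scanner is embedded so the example runs offline, and a real integration would follow the actual tool's documented exit-code contract.

```python
"""Fail-closed wrapper around a secrets-scanner invocation (added example).

Outcomes are classified as:
  - "clean":      report written, no findings, scanner exited 0
  - "findings":   report written and it lists findings
  - "tool_error": scanner could not be launched, exited before writing a
                  report (e.g. rejected an unknown flag), or wrote garbage
Only "clean" should ever be reported as a pass.
"""
import json
import os
import subprocess
import sys
import tempfile
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ScanResult:
    status: str                      # "clean", "findings" or "tool_error"
    findings: list = field(default_factory=list)
    detail: str = ""


def run_scanner(argv: List[str], report_path: str, timeout: int = 60) -> ScanResult:
    """Run the scanner and classify the outcome from exit code AND report."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return ScanResult("tool_error", detail=f"launch failed: {exc}")

    if not os.path.exists(report_path):
        # Scanner never got far enough to write a report: this is the case
        # from the issue (unknown option rejected at argument parsing).
        return ScanResult("tool_error",
                          detail=f"no report written; rc={proc.returncode}; "
                                 f"stderr={proc.stderr.strip()}")
    try:
        with open(report_path) as fh:
            data = json.load(fh)
    except ValueError as exc:
        return ScanResult("tool_error", detail=f"unparseable report: {exc}")

    # Stand-in report shape: a JSON list of findings, or {"findings": [...]}.
    findings = data if isinstance(data, list) else data.get("findings", [])
    if findings:
        return ScanResult("findings", findings)
    if proc.returncode != 0:
        # Empty report but a non-zero exit: do not trust the empty result.
        return ScanResult("tool_error", detail=f"empty report but rc={proc.returncode}")
    return ScanResult("clean")


def ci_exit_code(result: ScanResult) -> int:
    """Fail the pipeline on findings AND on tool errors (fail closed)."""
    return 0 if result.status == "clean" else 1


# Constructed fake scanner (not gitleaks): takes <mode> <report_path>.
# "bad-flag" mimics rejecting an unknown option; "clean"/"leak" write a report.
FAKE_SCANNER = r"""
import json, sys
mode, report = sys.argv[1], sys.argv[2]
if mode == "bad-flag":
    sys.stderr.write("unknown flag: --report-format\n")
    sys.exit(2)
findings = [] if mode == "clean" else [
    {"rule": "custom-token", "file": "config.py", "line": 3}]
with open(report, "w") as fh:
    json.dump(findings, fh)
sys.exit(1 if findings else 0)
"""


def fake_scanner_argv(mode: str, report_path: str) -> List[str]:
    """Command line for the constructed fake scanner (stand-in for a real tool)."""
    return [sys.executable, "-c", FAKE_SCANNER, mode, report_path]


def demo() -> Dict[str, str]:
    """Run the three scenarios and return mode -> classified status."""
    out: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        for mode in ("bad-flag", "clean", "leak"):
            report = os.path.join(tmp, f"{mode}.json")
            out[mode] = run_scanner(fake_scanner_argv(mode, report), report).status
    return out


if __name__ == "__main__":
    for mode, status in demo().items():
        print(f"{mode:>9}: {status}")
```

The key design choice is that an absent or empty report is only accepted as "clean" when the scanner also exited successfully; with the invalid `report-format` option from the issue, the fake scanner exits 2 without writing a report and the wrapper reports a tool error rather than a pass.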