After some more tests on our internal pipeline, this new version of GitLeaks doesn't seem to behave in the same manner as the previous one and must be reverted.
In the v6.1.2 GitLeaks version, by setting the --repo-config flag, the tool tries to find the config file, .gitleaks.toml, and overwrites its own default set of rules by the ones present in it. The issue we're facing is that repositories that only want to add allowlist rules will also need to input the default settings for the tool to work with them.
The code here developed is functional and working and there is an ongoing issue in the GitLeaks repository that addresses this matter. After it's finished and merged, we'd simply need to merge the Update-Gitleaks branch back.
Reverts globocom/huskyCI#505