mercuriete / android-mrz-reader

MRZ camera reader
Apache License 2.0

chore(deps): update zricethezav/gitleaks-action action to v2 #128

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| zricethezav/gitleaks-action | action | major | `v1.6.0` -> `v2.3.6` |

Release Notes

zricethezav/gitleaks-action (zricethezav/gitleaks-action)

### [`v2.3.6`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.3.6)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.3.5...v2.3.6)

#### What's Changed

- Using DefaultArtifactClient from [@actions/artifact](https://togithub.com/actions/artifact) package by [@codykhon](https://togithub.com/codykhon) in [https://github.com/gitleaks/gitleaks-action/pull/157](https://togithub.com/gitleaks/gitleaks-action/pull/157)

#### New Contributors

- [@codykhon](https://togithub.com/codykhon) made their first contribution in [https://github.com/gitleaks/gitleaks-action/pull/157](https://togithub.com/gitleaks/gitleaks-action/pull/157)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2...v2.3.6

### [`v2.3.5`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.3.5)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.3.4...v2.3.5)

#### What's Changed

- bumping artifact dep by [@zricethezav](https://togithub.com/zricethezav) in [https://github.com/gitleaks/gitleaks-action/pull/153](https://togithub.com/gitleaks/gitleaks-action/pull/153)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2...v2.3.5

### [`v2.3.4`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.3.4)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.3.3...v2.3.4)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2.3.3...v2.3.4

### [`v2.3.3`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.3.3)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.3.2...v2.3.3)

#### What's Changed

- bump gitleaks version by [@zricethezav](https://togithub.com/zricethezav) in [https://github.com/gitleaks/gitleaks-action/pull/111](https://togithub.com/gitleaks/gitleaks-action/pull/111)
- Document `GITLEAKS_VERSION` env var by [@spaze](https://togithub.com/spaze) in [https://github.com/gitleaks/gitleaks-action/pull/123](https://togithub.com/gitleaks/gitleaks-action/pull/123)
- Upgrade from 'node16' to 'node20' by [@ericcornelissen](https://togithub.com/ericcornelissen) in [https://github.com/gitleaks/gitleaks-action/pull/134](https://togithub.com/gitleaks/gitleaks-action/pull/134)

#### New Contributors

- [@spaze](https://togithub.com/spaze) made their first contribution in [https://github.com/gitleaks/gitleaks-action/pull/123](https://togithub.com/gitleaks/gitleaks-action/pull/123)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2.3.2...v2.3.3

### [`v2.3.2`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.3.2)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.3.1...v2.3.2)

#### What's Changed

- Update build instructions by [@ericcornelissen](https://togithub.com/ericcornelissen) in [https://github.com/gitleaks/gitleaks-action/pull/104](https://togithub.com/gitleaks/gitleaks-action/pull/104)
- Update build instructions by [@weineran](https://togithub.com/weineran) in [https://github.com/gitleaks/gitleaks-action/pull/105](https://togithub.com/gitleaks/gitleaks-action/pull/105)
- Upload report artifact even if there are no leaks detected by [@weineran](https://togithub.com/weineran) in [https://github.com/gitleaks/gitleaks-action/pull/106](https://togithub.com/gitleaks/gitleaks-action/pull/106)
- Fix undefined repo by [@weineran](https://togithub.com/weineran) in [https://github.com/gitleaks/gitleaks-action/pull/108](https://togithub.com/gitleaks/gitleaks-action/pull/108)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2.3.1...v2.3.2

### [`v2.3.1`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.3.1)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.3.0...v2.3.1)

#### What's Changed

- Upgraded [@actions/core](https://togithub.com/actions/core) dependency in order to resolve the warning that says "The set-output command is deprecated...". More info: [https://github.com/gitleaks/gitleaks-action/issues/100](https://togithub.com/gitleaks/gitleaks-action/issues/100)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2.3.0...v2.3.1

### [`v2.3.0`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.3.0)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.2.1...v2.3.0)

#### What's Changed

- Add logo use to EULA by [@zricethezav](https://togithub.com/zricethezav) in [https://github.com/gitleaks/gitleaks-action/pull/97](https://togithub.com/gitleaks/gitleaks-action/pull/97)
- Switch to plaintext fingerprint by [@weineran](https://togithub.com/weineran) in [https://github.com/gitleaks/gitleaks-action/pull/98](https://togithub.com/gitleaks/gitleaks-action/pull/98)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2...v2.3.0

### [`v2.2.1`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.2.1)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.2.0...v2.2.1)

#### What's Changed

- Log error when comment fails by [@weineran](https://togithub.com/weineran) in [https://github.com/gitleaks/gitleaks-action/pull/91](https://togithub.com/gitleaks/gitleaks-action/pull/91)

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2...v2.2.1

### [`v2.2.0`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.2.0)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.1.4...v2.2.0)

#### What's Changed

- Feature/scheduled runs by [@zricethezav](https://togithub.com/zricethezav) in [https://github.com/gitleaks/gitleaks-action/pull/89](https://togithub.com/gitleaks/gitleaks-action/pull/89)
- populate html_url on scheduled runs by [@zricethezav](https://togithub.com/zricethezav) in [https://github.com/gitleaks/gitleaks-action/pull/90](https://togithub.com/gitleaks/gitleaks-action/pull/90)

You can now run scheduled runs with gitleaks-action. A scheduled gitleaks-action will scan the *entire* history of a repo. You can set up a scheduled run by adding `schedule` to the `on` entry:

```yaml
on:
  pull_request:
  push:
  workflow_dispatch:
  schedule:
    - cron: "0 4 * * *" # run once a day at 4 AM
```

**Full Changelog**: https://github.com/gitleaks/gitleaks-action/compare/v2...v2.2.0

### [`v2.1.4`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.1.4)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.1.3...v2.1.4)

#### What's Changed

- bumping gitleaks by [@zricethezav](https://togithub.com/zricethezav) in [https://github.com/gitleaks/gitleaks-action/pull/86](https://togithub.com/gitleaks/gitleaks-action/pull/86)

### [`v2.1.3`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.1.3)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.1.2...v2.1.3)

##### What's New

- Updates actions/core and gitleaks dependencies [https://github.com/gitleaks/gitleaks-action/pull/85](https://togithub.com/gitleaks/gitleaks-action/pull/85)

### [`v2.1.2`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.1.2)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.1.1...v2.1.2)

- Bumps gitleaks dependency to latest version (v8.11.1) [https://github.com/gitleaks/gitleaks-action/pull/84](https://togithub.com/gitleaks/gitleaks-action/pull/84)

### [`v2.1.1`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.1.1)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.1.0...v2.1.1)

##### What's New

- Fixes 0 commit scans on initial PR commit [#82](https://togithub.com/zricethezav/gitleaks-action/issues/82)

### [`v2.1.0`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.1.0)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.8...v2.1.0)

##### What's new

- Bumped Gitleaks version [https://github.com/gitleaks/gitleaks-action/pull/80](https://togithub.com/gitleaks/gitleaks-action/pull/80)
- Introduced .gitleaksignore comments on PRs [https://github.com/gitleaks/gitleaks-action/pull/80](https://togithub.com/gitleaks/gitleaks-action/pull/80)

### [`v2.0.8`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.8)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.7...v2.0.8)

#### What's New

- Fixed scanning merge-commits in PRs [https://github.com/gitleaks/gitleaks-action/pull/79](https://togithub.com/gitleaks/gitleaks-action/pull/79)

### [`v2.0.7`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.7)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.6...v2.0.7)

#### What's Changed:

- Hardcoding gitleaks version by default instead of using latest [https://github.com/gitleaks/gitleaks-action/pull/78](https://togithub.com/gitleaks/gitleaks-action/pull/78)

### [`v2.0.6`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.6)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.5...v2.0.6)

##### What's New:

- More thorough handling of different exit codes for job Summary [https://github.com/gitleaks/gitleaks-action/pull/75](https://togithub.com/gitleaks/gitleaks-action/pull/75)
- Changed the comment on PR message [https://github.com/gitleaks/gitleaks-action/pull/74](https://togithub.com/gitleaks/gitleaks-action/pull/74)

### [`v2.0.5`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.5)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.4...v2.0.5)

##### What's New

- Fix edge case on initial commit to repo when `base` and `head` refs are the same.

### [`v2.0.4`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.4)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.3...v2.0.4)

##### What's New

- Ensure there are commits available to scan on push events [https://github.com/gitleaks/gitleaks-action/pull/67](https://togithub.com/gitleaks/gitleaks-action/pull/67)

### [`v2.0.3`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.3)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.2...v2.0.3)

##### What's New

- Use `eventJson.commits` for commit range rather than `eventJson.before` and `eventJson.after`. This fixes `invalid revision range` on push event errors.

### [`v2.0.2`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.2)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.1...v2.0.2)

##### What's New

- Fixed action.yml `name` so this action can be published on the marketplace

### [`v2.0.1`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.1)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v2.0.0...v2.0.1)

##### What's New

- Individual user accounts do not need to obtain a license key. 🎉
- Added `GITLEAKS_ENABLE_SUMMARY` env var option to enable or disable Gitleaks-action job summaries (defaults to true)
- Added `GITLEAKS_ENABLE_UPLOAD_ARTIFACT` env var option to enable or disable Gitleaks-action job artifact uploads (defaults to true)

### [`v2.0.0`](https://togithub.com/gitleaks/gitleaks-action/releases/tag/v2.0.0)

[Compare Source](https://togithub.com/zricethezav/gitleaks-action/compare/v1.6.0...v2.0.0)

### What's Changed

Gitleaks-Action Version 2 brings a range of new features including:

##### 1. On demand scans

You can now use `workflow_dispatch` events to trigger on demand gitleaks scans.

##### 2. Gitleaks report artifact uploads

Not much more to say here. Download reports when leaks are present. Pretty useful feature.

##### 3. Powered by the latest version of Gitleaks

The latest version of gitleaks (v8.8.6 at the time of writing) has better performance, more configuration options, and is more accurate than the previous major version.

##### 4. Job summaries

Easy to understand report of a Gitleaks job. If no leaks are detected you'll see:

(screenshot)

If leaks are detected you'll see something like:

(screenshot)

##### 5. Faster job times

Gitleaks-Action Version 2 does not rely on Docker build anymore.

##### 6. Pull Request Comments

If a leak is encountered during a pull request, gitleaks-action will comment on the line number and commit containing the secret.

##### What's fixed

- Older versions of the gitleaks-action relied on using `git log` to determine the range of commits. Version 2 of gitleaks-action ensures that only relevant commits are scanned by leveraging Action context and GitHub's API.

#### Getting started with Version 2

##### Getting a License-Key (ONLY FOR ORGANIZATION REPOS, USER ACCOUNTS DO NOT NEED A LICENSE KEY)

Before enabling Gitleaks-Action Version 2, you will need to obtain a gitleaks-action license key from [gitleaks.io](https://gitleaks.io/products) if you are using gitleaks within the context of an organization. **If you are using gitleaks-action on a user account's repo, you do not need a license key**. You can sign up for a free license key that will grant you access to use gitleaks-action on one repo. The free tier sign up link will take you to a google forms page where you can fill out your information. After filling out your information, you should receive an email similar to the one below.

(screenshot)

NOTE: be patient with the free tier, the google forms API can be slow.

NOTE: 1 free license per account.

If you would like access to more repos for your organization or personal account, you can subscribe to one of the paid tiers which will grant you access to use Gitleaks-Action Version 2 on 10, 100, or 1000 repos.

##### Setting the `GITLEAKS_LICENSE` secret

After getting a license key, head over to your github organization's or repo's settings and set `GITLEAKS_LICENSE` as a secret. Great! You can now run gitleaks-action v2:

```yaml
name: gitleaks
on: [pull_request, push, workflow_dispatch]
jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: zricethezav/gitleaks-action@v2.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
```

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

- 0 Bugs (rating A)
- 0 Vulnerabilities (rating A)
- 0 Security Hotspots (rating A)
- 0 Code Smells (rating A)
- No Coverage information
- No Duplication information

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

- 0 Bugs (rating A)
- 0 Vulnerabilities (rating A)
- 0 Security Hotspots (rating A)
- 0 Code Smells (rating A)
- No Coverage information
- No Duplication information

sonarcloud[bot] commented 11 months ago

Kudos, SonarCloud Quality Gate passed!

- 0 Bugs (rating A)
- 0 Vulnerabilities (rating A)
- 0 Security Hotspots (rating A)
- 0 Code Smells (rating A)
- No Coverage information
- No Duplication information

Warning: The version of Java (11.0.20) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. Read more here