Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: gitleaks | Distribution: openSUSE:Factory:zSystems |
Version: 8.21.2 | Vendor: openSUSE |
Release: 1.2 | Build date: Tue Oct 29 15:00:10 2024 |
Group: Unspecified | Build host: reproducible |
Size: 8465525 | Source RPM: gitleaks-8.21.2-1.2.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://github.com/gitleaks/gitleaks | |
Summary: Protect and discover secrets using Gitleaks |
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code.
MIT
* Tue Oct 29 2024 [email protected] - Update to version 8.21.2: * feat(rules): create Octopus Deploy api key (#1602) * fix(aws-access-token): only match if correct length (#1584) * fix(config): ignore jquery/swagger w/o version (#1607) * feat: add new GitLab tokens (#1560) * feat(generic-api-key): tune false positives (#1606) * Create .gitleaks.toml (#1605) * feat(curl): tweak tps and fps (#1603) * feat(config): ignore swagger-ui assets (#1604) * feat(generic-api-key): exclude keywords (#1587) * feat(okta): bump entropy to 4 (#1599) * feat: update global allowlist (#1597) * refactor(allowlist): deduplicate commits & keywords (#1596) * feat(config): ignore jquery static assets (#1595) * More rule fixes (#1586) * chore: log skipped symlinks (#1591) * feat: match left side of identifier (#1585) * what secrets? * fix(rules): add entropy (#1580) * feat(aws): add entropy & allowlist (#1582) * feat(rules): add 1password token (#1583) * feat(config): add curl header rule (#1576) * Fri Oct 18 2024 [email protected] - Update to version 8.21.1: * feat: add curl basic auth rule (#1575) * Update spelling in README.md (#1574) * refactor(allowlist): use iota for condition (#1569) * refactor(config): temporarily switch to [rules.allowlist] (#1573) * Tue Oct 15 2024 [email protected] - Update to version 8.21.0: * Define multiple allowlists per rule (#1496) * build: upgrade gitleaks/go-gitdiff to v0.9.1 (#1559) * Fix rule extension (#1556) * Update base config allowlist (#1555) * feat(azure): detect Azure AD client secrets (#1199) * chore: match gitleaks.toml anywhere (#1553) * Fri Oct 11 2024 [email protected] - Update to version 8.20.1: * feat(config): add placeholder regexes to global allowlist (#1547) * feat: add PrivateAI rule (#1548) * Bump golang verion used in docker build to match version specified in go.mod (#1551) * feat: add cohere rule (#1549) * feat(generate): generate global (#1546) * Feat/nuget config password rule (#1540) * Fri Oct 04 2024 [email protected] - Update to version 8.20.0: * Make private key check less greedy and include fifth dash (#1440) * print tags if they exist * Decode Base64 (#1488) * refactor(config): keyword map (#1538) * fix: use regexTarget for extend config (#1536) * feat: bump go to 1.22 (#1537) * fix: handle pre-commit and staged (#1533) * Bugfix/1352 incorrect report multiple lines (#1501) * Fri Sep 27 2024 [email protected] - Update to version 8.19.3: * fix(config): extend allowlist & handle extend when validating (#1524) * refactor(kubernetes-secret): tweak variable chars (#1520) * Revert "remove validate config test temporarily" (#1529) * feat: create fly.io rule (#1528) * fix: to many false-positive for gltf files, add gltf suffix to allowlist (#1527) * Add support in .gitleaksignore file comment strings (#1425) (#1502) * Restrict Etsy keywords (#1491) * feat(github): add entropy to rule (#1489) * feat(gcp): update api key rule (#1481) * fix(hashicorp): ignore common fps (#1498) * fix(square): make prefix case sensitive (#1469) * refactor(kubernetes-secret): collapse rules and update regex (#1462) * Sat Sep 21 2024 [email protected] - Update to version 8.19.2: * fix(rule): comment out errant validation case (#1509) * remove validate config test temporarily * Update README.md * Sat Sep 14 2024 [email protected] - Update to version 8.19.1: * fix flag access (#1506) * Sat Sep 14 2024 [email protected] - Update to version 8.19.0: * Deprecate `detect` and `protect`. Add `git`, `dir`, `stdin` (#1504) * Update Harness rules to add _ and - in the account ID part. (#1503) * chore: fix gl workflow error (#1487) * Make config generation utils public (#1480) * Update Hashicorp Vault token pattern (#1483) * feat(config): update rule validation (#1466) * Update .gitleaksignore * fix(detect): handle EOF with bytes (#1472) * Added poetry.lock to default allowlist paths (#1474) * refactor(sarif): remove |name| and change |shortDescription| (#1473) * Use rule id for config validation error (#1463) * Use first non-empty group if `secretGroup` isn't set (#1459) * chore: remove unnecessary capture groups (#1460) * Return non-0 exit code from `DetectGit` (#1461) * add gradle verification-metadata.xml to global allowlist (#1446) * feat(openshift): add user token (#1449) * (feat): Adding secret detection rule for Kubernetes secrets (#1454) * add version to default * Add go.work and go.work.sum to global allowlist (#1353) * Add harness PAT and SAT rules (#1406) * Update README.md * Fri Jun 14 2024 [email protected] - Update to version 8.18.4: * Limit hashicorp-tf-password to .tf/.hcl files (#1420) * rm print * reduce telegram... todo url and xml for later * coderabbit.ai <3 * Add NewRelic insert key detection (#1417) * Improved Telegram bot token rule regex and added more test cases (#1404) * Add intra42 client secret (#1408) * Sat Jun 01 2024 [email protected] - Update to version 8.18.3: * extend FB access token discovery (#1407) * tests: scalingo validation consistent test (#1359) * add real (test) standard and restricted keys (#1375) * Add Cloudflare API and Origin CA keys (#1374) * Update "contributing guidelines" link (#1390) * add update token from square (#1370) * feat: facebook secret, access token, and page access token rules (#1372) * update mailchimp with new tokens (#1376) * Append ordered rules when extending (#1304) * fix: age rule id with dashes (#1349) * patching golang.org/x/text for CVE-2021-38561 and CVE-2022-32149 (#1342) * Use latest base images. (#1334) * Sun May 05 2024 Andreas Stieger <[email protected]> - Update to version 8.18.2: * Remove IAM identifiers for non-credential resources in the aws-access-token rule * Update stripe rule to not alert on publishable keys * --max-target-megabytes flag now supported for --no-git flag as well * add pre-commit hook gitleaks-system * fix errors when using protect and an external git diff tool * rename filesystem to directory * Enhance Secret Descriptions * Small refactor `detect` and `sources` * chore(config): refactor to go generate; simplify configRules init * pretty apparent 'protect' and 'detect' should be merged into one command * style: sort the stopwords * Sat Nov 25 2023 Dirk Müller <[email protected]> - update to 8.18.1: * dont crash on 100gb files pls (#1292) * remove secretgroup from default config (#1288) * feat: Hashicorp Terraform fields for password (#1237) * perf: avoid allocations with `(*regexp.Regexp).MatchString` (#1283) * refactor: more explicit rules (#1280) * bugfix: reduce false positives for stripe tokens by using word boundaries in regex (#1278) * add Infracost API rule (#1273) * refactor: simplify test asserts (#1271) * Update Makefile * refactor: change detect tests to t.Fatal instead of log.Fatal (#1270) * feat(rules): Add detection for Scalingo API Token (#1262) * feat(jwt): detect base64-encoded tokens (#1256) * feat: add --ignore-gitleaks-allow cmd flag (#1260) * switch out libs (#1259) * fix: no-color option should also affect zerolog (#1242) * Fixed lineEnd indexing if the match is the whole line (#1223) * feat: Add optional redaction value, default 100 (#1229) * fix(jwt): longer segment lengths (#1214) * Added yarn.lock file to default allowlist paths (#1258) * Update README.md * feat(rules): make case insensitivity optional (#1215) * feat(rules): detect Hugging Face access tokens * Resolve #1170 - Enable selection of a single rule (#1183) * Update authress.go to include alternate form account dash (-) (#1224) * refactor: remove unnecessary removing temp files in tests (#1255) * refactor: use os.ReadFile instead of os.Open + io.ReadAll (#1254) * fix(sumologic): improve patterns (#1218) * Fix inconsistent generated values in config * feat: add JFrog API and Identity keys * Add entropy check to plaid client/secret ID rules * Update config template logic * Include entropy in Plaid rule file * refactor: fix #722 properly * Add `REDACTED` to stopwords for `generic-api-key` rule * Add detection for Snyk tokens * Add makefile variable detections * chore: update deps to fix solaris #1158 * Add junit report format * Ignore all comits when `.gitleaksignore` fingerprint lacks SHA * Improved global exclusion list * Add detection for OpenAI API keys * Add warning for quoted `--log-opts` values * Fixed docker run command in README.md * add tags support for csv and sarif formats * Update Slack token regexes * Sat Nov 25 2023 [email protected] - Update to version 8.18.1: * dont crash on 100gb files pls (#1292) * remove secretgroup from default config (#1288) * feat: Hashicorp Terraform fields for password (#1237) * perf: avoid allocations with `(*regexp.Regexp).MatchString` (#1283) * refactor: more explicit rules (#1280) * bugfix: reduce false positives for stripe tokens by using word boundaries in regex (#1278) * add Infracost API rule (#1273) * refactor: simplify test asserts (#1271) * Update Makefile * refactor: change detect tests to t.Fatal instead of log.Fatal (#1270) * feat(rules): Add detection for Scalingo API Token (#1262) * feat(jwt): detect base64-encoded tokens (#1256) * feat: add --ignore-gitleaks-allow cmd flag (#1260) * switch out libs (#1259) * fix: no-color option should also affect zerolog output (#1242) * Fixed lineEnd indexing if the match is the whole line (#1223) * feat: Add optional redaction value, default 100 (#1229) * fix(jwt): longer segment lengths (#1214) * Added yarn.lock file to default allowlist paths (#1258) * Update README.md * feat(rules): make case insensitivity optional (#1215) * feat(rules): detect Hugging Face access tokens (#1204) * Resolve #1170 - Enable selection of a single rule (#1183) * Update authress.go to include alternate form account dash (-) (#1224) * refactor: remove unnecessary removing temp files in tests (#1255) * refactor: use os.ReadFile instead of os.Open + io.ReadAll (#1254) * fix(sumologic): improve patterns (#1218) * refactor: fix #722 properly (#1250) * fix(plaid): include entropy in go definition (#1252) * feat(config): update template logic (#1201) * Add entropy check to plaid client/secret ID rules (#1213) * feat: add JFrog API and Identity keys (#1233) * chore(config): fix inconsistent generated values (#1200) * Revert "Initial set of Azure secrets for #539 (#1079)" (#1197) * Initial set of Azure secrets for #539 (#1079) * feat(slack): update token regex (#1161) * add tags support for csv and sarif formats (#1176) * Fixed docker run command in README.md (#1194) * feat: add warning for quoted --log-opts values (#1160) * Add detection for OpenAI API keys (#1148) * Add some useless files (#1193) * add tests for commits * fix broken vet, format some stuff * add some gl ignores * Ignore all comits when `.gitleaksignore` fingerprint lacks SHA (#1156) * Add junit report format (#920) * chore: update deps to fix solaris link (#1159) * Add makefile variable detections (#1191) * Add detection for Snyk tokens (#1190) * Add `REDACTED` to stopwords for `generic-api-key` rule (#1188) * Added option to specify .gitleaksignore path (#1179) * Fix closing file in writeJson and writeSarif (#1187) * Simplify tests by using T.TempDir (#1186) * Fix typos in *.md, comments and logs (#1185) * Update README.md * Update bug_report.md * Adding discord channel to readme * 🐛 fix(sarif): update report to pass validator (#1167) * fix(detect): extra secret from group before checking allowlist (#1152) * Fix G307 warning: Deferring unsafe method "Close" on type "*os.File" (#1154) * fix(detect): avoid panic with verbose flag (#1143) * Fix typo (#1142) * No color (#1136) * Update README.md * safer out of bounds (#1135) * Add Authress access key format: https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/ (#1131) * Update pre-commit address and rev tag in README (#1125) * Update gitleaks.yml * Update README.md * Update README.md * Update .gitleaksignore * Bufix/1100 protect stagged files (#1121) * remove extra default on source option * fix README.md !? (#1123) * Improve rule descriptions for Stripe and Facebook access tokens (#1119) * Add Defined Networking API Tokens (#1096) * Update gitleaks.toml (#1116) * Update gitleaks.yml (#1117) * Add gradle.lockfile to allowlist (#1112) * Update pre-commit rev tag in README (#1108) * Add pnpm-lock.yaml and Database.refactorlo (#1109) * Mon Mar 13 2023 Johannes Kastl <[email protected]> - BuildRequire go1.19; fix wrong URL and Summary * Mon Mar 13 2023 [email protected] - Update to version 8.16.0: * Feat/allowlist regex target (#1107) * Mon Mar 13 2023 [email protected] - Update to version 8.15.4: * ignore package-lock.json (#1076) * Fix typos in README.md and CONTRIBUTING.md (#1090) * fix: ignore baseline if path was not relative in source (#1101) * Fix H in GitHub and update pre-commit rev tag in README (#1087) * Mon Mar 13 2023 [email protected] - Update to version 8.15.3: * Add missing GitLab token patterns (#1077) * Fix rule for private keys (#1072) * Mon Mar 13 2023 [email protected] - Update to version 8.15.2: * remove color formatting when #1042 is encountered (#1050) * Update README.md * adding jwt tokens with padding format "=" (#1031) * Mon Mar 13 2023 [email protected] - Update to version 8.15.1: * include default newline pairs when calculating location (#1038) * Add rule for fine-grained GitHub PAT (#1026) * Mon Mar 13 2023 [email protected] - Update to version 8.15.0: * Add scanning from a pipe with --pipe (#1012) * add a few fingerprints for test data * Add support for following symlinks (#1010) * fix bug in readme (#1011) * Mon Mar 13 2023 [email protected] - Update to version 8.14.1: * define log-opts, odd that this wasn't failing before... (#1009) * Mon Mar 13 2023 [email protected] - Update to version 8.14.0: * add --max-target-megabytes : maximum size for a file/blob to be scanned (#1003) * Update USERS.md * Update .gitleaksignore * Update README.md * Add detection rules for DigitalOcean tokens (#1002) * docs: add Trendyol to users (#998) * docs: added goreleaser to user list (#997) * Update USERS.md (#996) * Create USERS.md * Exclude dacpac refactorlogs (#990) * Output number of commits at info-level. (#991) * Detect Slack Workflow Webhook URLs (#989) * Upgrade go version to 1.19 (#987) * Minor cleanup to error handling and logging (#985) * Mon Mar 13 2023 [email protected] - Update to version 8.13.0: * Update README.md * Update .gitleaksignore * Update README.md * Adding quiet mode to silence banner (#852) * Issue #980: Add support for Telegram Bot API Token (#981) * add rule for microsoft teams webhooks (#970) * Add baseline (#975) * Add pre-commit autoupdate command to README.md (#978) * refactor: more precise rule for private keys (#930) * Mon Mar 13 2023 [email protected] - Update to version 8.12.0: * update gitleaksignore * add fingerprint to output * Pretty output (#973) * Update version in readme file (#972) * Mon Mar 13 2023 [email protected] - Update to version 8.11.2: * ignore empty files (#965) * Mon Mar 13 2023 [email protected] - Update to version 8.11.1: * Add grafana tokens rules (#959) * add prefect and readme rules (#961) * Mon Mar 13 2023 [email protected] - Update to version 8.11.0: * draft: bump gitdiff, add git.Err state, better log messages (#954) * Mon Mar 13 2023 [email protected] - Update to version 8.10.3: * Feat/add fingerprint no git (#952) * Mon Mar 13 2023 [email protected] - Update to version 8.10.2: * safe file checking (#946) * Update README.md * Mon Mar 13 2023 [email protected] - Update to version 8.10.1: * Explicit fingerprint (#944) * Mon Mar 13 2023 [email protected] - Update to version 8.10.0: * add two test findings to gitleaksignore * Feat/ignore finding (#938) * add jwt rule (#943) * bump golang test version (#942) * gitleaks allow docs (#941) * Add new rules for vault tokens (#919) * Feature/add sidekiq rules (#933) * Mon Mar 13 2023 [email protected] - Update to version 8.9.0: * update readme * add url for config * Feature: Adding the ability to extend configuration files (#926) * Add fix for issue #915 (#916) * Update README.md * Mon Mar 13 2023 [email protected] - Update to version 8.8.12: * Update README.md * Update README.md * adding access to generic rule keywords and identifiers * Fix proper names capitalization (#907) * Add multi platform build (#897) * Mon Mar 13 2023 [email protected] - Update to version 8.8.11: * update twitter rule generation description and id * capitilze twitter description * adding travis ci * Fix id and description for twitter tokens (#905) * Adding okta, codecov, zendesk, and updating Atlassian's rule to include `jira` keyword (#904) * Fix Plaid, add Plaid access token (#903) * adding airtable and adafruit (#902) * Mon Mar 13 2023 [email protected] - Update to version 8.8.10: * Fixes accidental type typos while translating rules from validation spreadsheet, adds bittrex rule * Mon Mar 13 2023 [email protected] - Update to version 8.8.9: * Remove ssn allowlist (#898) * Adding a bunch of new rules, update allowlist to include node_modules… (#896) * contributing guidelines first draft (#895) * Lint python commit script to satisfy PEP8 (#893) * Mon Mar 13 2023 [email protected] - Update to version 8.8.8: * Update generate (#892) * maintain parity with recent changes... need to create rule contributing guidelines (#891) * Fix duplicate TOML Rules and IDs (#889) * Update README.md * Update gitleaks.yml * Update README.md * user accounts don't need gitleaks license * Update README.md * Add gitleaks badge * Create gitleaks.yml (#884) * add link to gitleaks.io * Mon Mar 13 2023 [email protected] - Update to version 8.8.7: * fix git unsafe directory (#883) * Limit newlines regex (#881) * Mon Mar 13 2023 [email protected] - Update to version 8.8.6: * add combo to stopwords, update cmd/generate * Fix generic-api-key detected erroneously (zricethezav#877) (#878) * ignore end line when comparing generic rules (#879) * Mon Mar 13 2023 [email protected] - Update to version 8.8.5: * updating generic regex and algoia regex (#875) * feat: add algolia key support (#866) * Improve PlanetScale token detection (#874) * Update README.md * Adding JIT Security messages * Update README.md * Mon Mar 13 2023 [email protected] - Update to version 8.8.4: * fix no-git bug (#859) * Mon Mar 13 2023 [email protected] - Update to version 8.8.3: * Removing private keyword from private key rule (#858) * Mon Mar 13 2023 [email protected] - Update to version 8.8.2: * nasty little bug (#853) * Mon Mar 13 2023 [email protected] - Update to version 8.8.1: * adding a ton of stopwords to the generic rule only as that is the loudest rule (#851) * Mon Mar 13 2023 [email protected] - Update to version 8.8.0: * adding stopwords (#849) * Mon Mar 13 2023 [email protected] - Update to version 8.7.2: * Update dockerfile (#848) * fix EOL in secret suffix (#847) * unpin docker version in pre-commit hook (#832) * Generate tps (#845) * Mon Mar 13 2023 [email protected] - Update to version 8.7.1: * maybe fix out of bounds (#843) * Mon Mar 13 2023 [email protected] - Update to version 8.7.0: * optimize keywords (#841) * Update detect.go (#839) * Standardize/alphabetize rules, add cmd/generate/config package (#840) * fix ghcr.io typo in README.md (#835) * Mon Mar 13 2023 [email protected] - Update to version 8.6.1: * normalize keyword check (#830) * Mon Mar 13 2023 [email protected] - Update to version 8.6.0: * Keyword (#825) * doc gitleaks-docker pre-commit hook (#819) * Mon Mar 13 2023 [email protected] - Update to version 8.5.3: * skip content checks for path only rules * use official docker image as pre-commit hook (#818) * Mon Mar 13 2023 [email protected] - Update to version 8.5.2: * remove stopwords from global allowlist * Mon Mar 13 2023 [email protected] - Update to version 8.5.1: * detect: skip binary files with --no-git (#810) * fixing a location off by one edge case for --no-git (#812) * Update README.md * Mon Mar 13 2023 [email protected] - Update to version 8.5.0: * Allow tag (#809) * Stop words (#808) * Refactor `detect`, add `entropy` to all findings (#804) * Mon Mar 13 2023 [email protected] - Update to version 8.4.0: * commenting out git tests, will need to revisit eventually * commenting out flaky test for now * go mod tidying * more comments * adding git test again * handle goimports/go vet warnings * more tests * more cleaningup * maintaining parity between current master * more bug * cleanup * more cleaning up * getting some tests working * regular git scan parity * init * Escape - character in regex character groups (#802) * adding go mod/sum to ignore (#797) * GitLab pats may contain underscores as well as dashes (#794) * Mon Mar 13 2023 [email protected] - Update to version 8.3.0: * ignore k8s apiVersion in generic-api-key pattern (#760) * build: updates for go1.17 (#769) * allow non-last-element secret groups (#792) * fixing segfault when using a rule with only a path (#791) * Fix: Typo in LinkedIn id (#789) * Fix vendor name casing, Flutterwave typo (#785) * Sarif results with empty rules now represents as [] instead of null/nil (#786) * Fix typos in README.md (#780) * Sun Feb 13 2022 Johannes Kastl <[email protected]> - first version of package gitleaks at 8.2.7
/usr/bin/gitleaks /usr/share/doc/packages/gitleaks /usr/share/doc/packages/gitleaks/README.md /usr/share/licenses/gitleaks /usr/share/licenses/gitleaks/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Dec 4 00:10:59 2024