Chore: [AEA-0000] - use gitleaks for secret scanning #97

Merged: anthony-nhs merged 1 commit into main from gitleaks, Apr 17, 2026
Conversation

@anthony-nhs (Collaborator)

use gitleaks for secret scanning

Copilot AI review requested due to automatic review settings April 17, 2026 08:55

Copilot AI left a comment

Pull request overview

Switches local secret scanning in pre-commit from git-secrets to gitleaks.

Changes:

  • Replaced the previous secret-scanning hook with a gitleaks pre-commit hook invocation.
  • Removed the legacy .gitallowed allowlist file (previously used for git-secrets).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| .pre-commit-config.yaml | Removes git-secrets hook and adds a gitleaks hook under the local repo hooks. |
| .gitallowed | Deletes the old allowlist patterns file associated with git-secrets. |

Comment thread .pre-commit-config.yaml
- -c
- 'git-secrets --pre_commit_hook'
- "gitleaks git --pre-commit --redact --staged --verbose"
language: system
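
Review bot: `language: system` on the last line of this hunk makes the hook run whatever `gitleaks` binary is installed on each contributor's machine, so the scanner version is not pinned by this config and the hook depends on a local install being present. Suggest recording the required gitleaks version in the repository's setup instructions, or using a pinned hook source, so that every contributor scans staged changes with the same tool version.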

Copilot AI Apr 17, 2026

This hook doesn’t appear to use the file list that pre-commit will pass by default. To avoid unnecessary arguments (and potential OS argument-length issues on large commits), set pass_filenames: false (and consider always_run: true if you want secret scanning to run even when no files match).

Suggested change
language: system
language: system
pass_filenames: false
always_run: true

Comment thread .pre-commit-config.yaml
Comment on lines +80 to +81
description: gitleaks scans commits, commit messages, and --no-ff merges to
prevent adding secrets into your git repositories.

Copilot AI Apr 17, 2026

The description claims this hook scans commit messages and --no-ff merges, but default_stages is pre-commit and this command is run in the pre-commit stage. Either adjust the description to match what’s actually being scanned (e.g., staged changes), or add an explicit commit-msg stage hook if commit message scanning is required.

Suggested change
description: gitleaks scans commits, commit messages, and --no-ff merges to
prevent adding secrets into your git repositories.
description: gitleaks scans staged changes during pre-commit to help
prevent secrets from being added to your git repository.

@anthony-nhs anthony-nhs merged commit bd3ecb1 into main Apr 17, 2026
13 checks passed