feat(ci): add Gitleaks job for secret scanning

Signed-off-by: Klagarge <remi@heredero.ch>
2025-04-15 21:36:31 +02:00
parent b443a56524
commit 32e2d37dd3
1 changed files with 9 additions and 1 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -96,4 +96,12 @@ dast:
  script:
    - echo "Waiting for the app to start on http://app:5000"
    - timeout 60 bash -c 'until curl -s http://app:5000; do echo "Waiting..."; sleep 3; done'
-    - zap-full-scan.py -t http://app:5000 -I
+    - zap-full-scan.py -t http://app:5000 -I
+
+gitleaks:
+  stage: test
+  image:
+    name: zricethezav/gitleaks:latest
+    entrypoint: [""]
+  script:
+      - gitleaks dir -v --redact=75 .