Releases · gitleaks/gitleaks

@rgmz

Changelog

d1c7759 fix(detect): test all allowlists (#1845)

Big thanks @rgmz

Changelog

4451b45 feat(config): define multiple global allowlists (#1777) (cause for the minor bump change)
7fb21a4 feat(rules): Add Perplexity AI API key detection (#1825)
f6193bc feat(gcp): increase rule entropy (#1840)
9bc7257 Adding clickhouse scanner (#1826)
b6cc71a fix(baseline): work with --redact (#1741)
cfdeb0d feat(rule): validate & sort rule when generating (#1817)

Changelog

107a418 Add support for GitLab Runner Tokens (Routable) (#1820)
7fac002 bump repo version in pre-commit example (#1815)
4b54104 Fix currentLine out of bounds error (#1810)
af7d5bc add support for Azure DevOps platform in SCM detection and link (#1807)
3e8cd2d Add MaxMind license key rule (#1771)
ddcc753 implement new openai regex pattern (#1780)
9708e65 A first attempt adding hooks.slack.com/triggers/ (#1792)
198e410 feat(generic): tweak false-positives (#1803)
e273a97 chore: tweak logging and readme for GITLEAKS_CONFIG_TOML feature (#1802)
a503b58 feat: add option to set config from env var with toml content (#1662)

@rgmz

What's Changed

Fix platform flag being ignored with gitleaks detect by @rgmz in #1765
Make AddFinding public by @bplaxco in #1767
FIX upgrade x/crypto to 0.31.0 to get rid of CVE-2024-45337 by @cgoessen in #1768
Upgrade rs/zerolog, spf13/cobra, and spf13/viper by @rgmz in #1769
Infer report-format from report-path extension if no value is provided by @rgmz in #1776
generic-api-key: ignore csrf-tokens by @rgmz in #1779
Prevent Yocto/BitBake false positives with generic-api-key rule by @Okeanos in #1783
Fix decoded line allowlist by @zricethezav in #1788
Readme badge revisions by @jessp01 in #1744
feat(regexp): use standard regexp by default, make go-re2 opt-in by @twpayne in #1798
gore2 release tags by @zricethezav in #1801

New Contributors

@cgoessen made their first contribution in #1768
@Okeanos made their first contribution in #1783
@jessp01 made their first contribution in #1744
@twpayne made their first contribution in #1798

Full Changelog: v8.24.0...v8.24.2

Changelog

c2afd56 Make paths and fingerprints platform-agnostic (#1622)
818e32f Add Sonar rule (#1756)
3fa5a3a Minor false positive improvements (#1758)
2020e6a Add support for streaming DetectReader (#1760)
9122a2d chore: Update github.com/wasilibs/go-re2 to v1.9.0 (#1763)
398d0c4 docs: describe extended rules take precedence over base rules (#1563)
ae26eff feat(git): disable link generation (#1748)
c6424a6 added sourcegraph token rule (#1736)
6411402 feat(config): add rule for .p12 files (#1738)
d71d95d add deno.lock to default exclusions (#1740)

Changelog

3188ad6 Don't exit with error if git repacking is required (#1711)
7fc11bb refactor(config): use non-capture groups for allowlists (#1735)
36c52c6 chore: Enhance curl-auth-user to detect empty usernames or passwords (#1726)
1f323d8 fix(cmd): read log-opts before GitLogCmd (#1730)

Changelog

d88bc09 facebook keyword
3fdaefd fix(meraki): restrict keyword case (#1722)
f3ae52e feat(generic-api-key): detect base64 (#1598)
d6a828a great branch name (#1721)
d2ffffe fix(git): remove .git suffix for links (#1716)
a43dc0d chore: refine generic-api-key fps + trace logging (#1720)
69ed20e fix(generate): move newline out of char range (#1719)
52b895a newline literal (#1718)
3f4d91f build: support either stdlib or 3rd-party regexp (#1706)
049f5b2 chore(detect): update trace logging (#1713)
7a6183d feat(git): redact passwords from remote URL (#1709)
3c7f3f0 feat(git): include link in report (#1698)
0e3f4f7 chore: reduce generic-api-key fps (#1707)
3ed8567 blorp
e977850 added new rule for cisco meraki api key (#1700)
ad7a4fb feat: general fp tweaks (#1703)
b2cf03c chore(generate): use \x60 instead of literal (#1702)
a3f623c chore(regex): simplify secretPrefix, suffix (#1620)
cc71bb1 update version for pre-commit in README.md (#1699)

Changelog

7bad9f7 chore(gcp): add firebase example keys to the gcp-api-key allowlists (#1635)
977236c fix: unaligned 64-bit atomic operation panic (#1696)
a211b16 force push to master everyday
0e5f644 feat(config): disable extended rule (#1535)
f320a60 style: prevent globbing and word splitting (#1543)
c4526b2 refactor(generic-api-key): remove hard-coded 'magic' (#1600)
748076d chore(generate): add failing test case (#1690)

Changelog

db8e5e6 feat(generate): use multiple allowlists (#1691)
973c794 chore(rules): include fps in reference (#1471)
f0d4499 Add comma as operator for GenerateSemiGenericRegex (#1679)
ab38a46 refactor: central logger (#1692)
b022d1c friendship ended with tines

READ THIS!!! The default gitleaks config now uses [[rules.allowlists]]

    # ⚠️ In v8.21.0 `[rules.allowlist]` was replaced with `[[rules.allowlists]]`.
    # This change was backwards-compatible: instances of `[rules.allowlist]` still  work.
    #
    # You can define multiple allowlists for a rule to reduce false positives.
    # A finding will be ignored if _ANY_ `[[rules.allowlists]]` matches.
    [[rules.allowlists]]
    description = "ignore commit A"
    # When multiple criteria are defined the default condition is "OR".
    # e.g., this can match on |commits| OR |paths| OR |stopwords|.
    condition = "OR"
    commits = [ "commit-A", "commit-B"]
    paths = [
      '''go\.mod''',
      '''go\.sum'''
    ]
    # note: stopwords targets the extracted secret, not the entire regex match
    # like 'regexes' does. (stopwords introduced in 8.8.0)
    stopwords = [
      '''client''',
      '''endpoint''',
    ]

    [[rules.allowlists]]
    # The "AND" condition can be used to make sure all criteria match.
    # e.g., this matches if |regexes| AND |paths| are satisfied.
    condition = "AND"
    # note: |regexes| defaults to check the _Secret_ in the finding.
    # Acceptable values for |regexTarget| are "secret" (default), "match", and "line".
    regexTarget = "match"
    regexes = [ '''(?i)parseur[il]''' ]
    paths = [ '''package-lock\.json''' ]

Changelog

b69b515 Entropy trace (#1659)
7357adc build: add 'toolchain' to go.mod (#1682)
4c3da6e refactor(detect): create readUntilSafeBoundary + add tests (#1676)
dbe3746 twitter really does suck ass now
7edfc6b chore(tests): test cases for generate.go (#1623)
efe40ca fix: only use non-empty secret groups (#1632)
7cb5f6f build: upgrade sprig v2->v3 (#1674)
2930537 fix: generate report file even if no findings (#1673)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Changelog

Contributors

Changelog

Changelog

What's Changed

New Contributors

Contributors

Changelog

Changelog

Changelog

Changelog

Changelog

Changelog

Releases: gitleaks/gitleaks

v8.25.1

Changelog

Contributors

v8.25.0

Changelog

v8.24.3

Changelog

v8.24.2

What's Changed

New Contributors

Contributors

v8.24.0

Changelog

v8.23.3

Changelog

v8.23.2

Changelog

v8.23.1

Changelog

v8.23.0

Changelog

v8.22.1

Changelog