Skip to content

feat(security): add gitleaks for secret detection#63

Merged
ryoppippi merged 1 commit intomainfrom
feat/add-gitleaks
Dec 22, 2025
Merged

feat(security): add gitleaks for secret detection#63
ryoppippi merged 1 commit intomainfrom
feat/add-gitleaks

Conversation

@ryoppippi
Copy link
Member

@ryoppippi ryoppippi commented Dec 21, 2025
edited by cubic-dev-ai bot
Loading

Summary

  • Add gitleaks to detect and prevent secrets from being committed

What Changed

  • Add .gitleaks.toml configuration with default rules
  • Add gitleaks to pre-commit hook via git-hooks.nix
  • Add gitleaks job to CI workflow using nix
  • Add just gitleaks command
  • Add gitleaks to nix flake for local development

Summary by cubic

Add Gitleaks for secret detection in commits and CI. This blocks accidental secret leaks and makes local scans easy.

  • New Features
    • Pre-commit hook via Nix to prevent committing secrets.
    • CI job runs Gitleaks using Nix.
    • Devshell includes Gitleaks; run “just gitleaks” to scan the repo.
    • .gitleaks.toml with default rules and an allowlist for common lock files.

Written for commit 74f1176. Summary will update automatically on new commits.

@ryoppippi
feat(security): add gitleaks for secret detection
74f1176 
Integrate gitleaks to detect and prevent secrets from being committed:

- Add .gitleaks.toml configuration with default rules
- Add gitleaks to pre-commit hook via git-hooks.nix
- Add gitleaks job to CI workflow using nix
- Add gitleaks command to justfile
- Add gitleaks to nix flake for local development
Copilot AI review requested due to automatic review settings December 21, 2025 15:15
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Dec 21, 2025
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 4 files

Copilot AI reviewed Dec 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds gitleaks to the project for secret detection and prevention. It integrates gitleaks into multiple parts of the development workflow to catch secrets before they're committed and in CI.

  • Adds gitleaks configuration with default rules and allowlist for lock files
  • Integrates gitleaks into pre-commit hooks and CI pipeline
  • Provides a Just command for manual secret scanning

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
.gitleaks.toml Configuration file with default rules and path allowlist for .lock and .snap files
justfile Adds gitleaks command to run secret detection manually
flake.nix Adds gitleaks package and configures pre-commit hook with protect --staged command
.github/workflows/ci.yaml Adds dedicated gitleaks job that runs detect on full repository history

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

glebedel
glebedel approved these changes Dec 22, 2025
View reviewed changes
Copy link
Contributor

@glebedel glebedel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ryoppippi ryoppippi merged commit 1a31baa into main Dec 22, 2025
23 checks passed
@ryoppippi ryoppippi deleted the feat/add-gitleaks branch December 22, 2025 10:05
This was referenced Dec 19, 2025
Closed
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@glebedel glebedel glebedel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ryoppippi @glebedel