We will be using Gitleaks software to find security leaks. Here are the steps to identify leaks in your code repo -
Install gitleaks on your local machine. Click here to install. Check if it is installed successfully on your local machine.
Website> gitleaks --version
If its installed, it should show version of gitleaks.
Download sample.config file(see attachment) and copy on your local machine(this is the sample file with configuration/rules, you may change it as per your requirements).
Now git clone the repo on your local machine and goto your code folder.
Once you are in code folder, run gitleaks command.
Website> gitleaks --path=./ --config-path=../sample.config --verbose where, --path=./ => path of .git folder --config-path=../sample.config => path of sample.config file You can also download the report of leaks for sharing it with your team - Website> gitleaks -v --pretty --path [RepoPath] --config-path=../sample.config --report= [PathtosaveReport] where, --report = [PathtosaveReport] => Give the folder path where report should be saved.
It will take time from 1 minute to 30 minutes depending upon the size of folder and history.