• Tools
  • Features
  • Resources

Introduction

Getting Started

Platform Features

Scanning
AI Analysis
Code Scanning (SAST)
Reports
Dashboard & Analytics

Developer Reference

REST API
CLI Reference
CI/CD Integration
Tool Tactics
SubfinderNmapKatanaNucleiHttpxGitleaksWPScan

gitleakssecrets

What is the purpose of gitleaks?

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos. It provides an easy way to scan repositories for sensitive information.

Core Features

  • Scans local and remote git repositories
  • Customizable rules using regular expressions
  • Integration with pre-commit hooks and CI/CD pipelines
  • Supports various output formats (JSON, CSV, SARIF)

Common Gitleaks Commands

1. Scan Local Repository

Scans a local git repository for secrets.

bash
gitleaks detect -v

2. Scan Specific Directory

Scans a specific directory or file without git history.

bash
gitleaks detect --no-git -v -s <path>

3. Output to File

Saves the findings to a JSON report.

bash
gitleaks detect -v -r report.json

Output Examples of Gitleaks Commands

Finding: API Key Secret: AKIAIOSFODNN7EXAMPLE File: config/settings.py Line: 42
Previous
Httpx
Next
Wpscan
⌘K

On this page

PurposeCore FeaturesCommon CommandsOutput Examples