Detect Security Vulnerabilities, API Credentials in Git Repos: GitLeaks

GitLeaks is a free command line tool that detects hard-coded API credentials and other secrets (a common class of security vulnerability) in Git repositories. It takes a Git repository as input and scans it; both local and hosted repositories are supported, and a scan finishes quickly. It prints a simple, readable report in the terminal listing the API keys and credentials it found, and if you are comfortable with the terminal you can redirect that output to a file. It works with projects in any programming language and on any platform, and you only need to run a single command to use it on your PC.

It is easy to leave credentials or API keys hard-coded in a project. This happens especially in long and complex projects that use several APIs. If you forget to remove them, or do not want to comb through the source code by hand, finding them can take a long time. With Gitleaks it takes a few seconds: give it the path or URL of a local or online Git repository and let it do the heavy lifting. It goes through every commit in the history and reports any leak it finds.

How to Detect Security Vulnerabilities, API Credentials in Git Repos: GitLeaks

Binary releases of Gitleaks are available for all platforms. Download the one for your system from the project's GitHub releases page and you can start using it right away. On Windows you can put the executable in the C:\Windows folder (which is on the PATH) so it can be run from anywhere. On other platforms you run the binary directly, as shown below. Use the following command syntax to get a simple scan report.

gitleaks --repo=GitRepository

[Screenshot: gitleaks simple report]

If you want a comprehensive report of the scan, use the following command syntax instead. The report is shown in the terminal itself. To save it to a text file, append “>> abc.txt” to the end of the command (“>>” appends to the file if it already exists; use a single “>” to overwrite it). This is useful when you want to share the scan report with someone.

gitleaks --repo=GitRepository --verbose --pretty

[Screenshot: gitleaks in action]

That is all it takes to scan a Git repository for leaked credentials with this tool: point it at any hosted or local Git repository and it generates a report. It is simple to use and works on any Git project. More advanced usage options are documented on the project's Wiki page.
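To make the "goes through every commit" point concrete, here is an added example of what a history scan of this kind does; it is my own illustration, not Gitleaks code or the article author's. It parses the text of "git log -p" (a constructed sample is embedded, with AWS's published example key ID "AKIAIOSFODNN7EXAMPLE" and a made-up password) and reports every added line that matches a credential pattern, masking the matched value. The sample shows a key that was committed and then removed in a later commit: a scan of only the current checkout would miss it, a history scan still reports it. The two detection rules are assumptions for the example, not Gitleaks's rule set.

```python
"""Minimal git-history secret scan (added example, not Gitleaks's own code)."""
from __future__ import annotations

import re
import subprocess
import sys
from dataclasses import dataclass

# Detection rules are illustrative assumptions, not Gitleaks's real rule set.
# The AWS access key ID shape (AKIA + 16 upper-case alphanumerics) is a public,
# documented format; the generic rule flags secret-looking names assigned a
# quoted literal of 8+ characters.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-credential-assignment": re.compile(
        r"(?i)\w*(api[_-]?key|secret|token|password)\w*\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample of `git log -p` output (not a real repository). The key is
# removed in the newer commit (listed first) but is still in the older one.
SAMPLE_GIT_LOG = """\
commit 2222222222222222222222222222222222222222
Author: dev <dev@example.invalid>
Date:   Tue Jan 2 10:00:00 2024 +0000

    remove hard-coded key

diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,3 @@
-AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
 DB_PASSWORD = "s3cret-constructed-value"
 REGION = "us-east-1"
commit 1111111111111111111111111111111111111111
Author: dev <dev@example.invalid>
Date:   Mon Jan 1 10:00:00 2024 +0000

    initial config

diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,3 @@
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "s3cret-constructed-value"
+REGION = "us-east-1"
"""


@dataclass(frozen=True)
class Finding:
    commit: str
    path: str
    line_no: int  # line number in the file as of that commit
    rule: str
    masked: str   # matched text with most of the value replaced by '*'


def mask(value: str, keep: int = 6) -> str:
    """Keep a short prefix so a finding is recognisable without echoing the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scan_git_log(log_text: str) -> list[Finding]:
    """Walk `git log -p` text and flag added ('+') lines matching any rule."""
    findings: list[Finding] = []
    commit = path = ""
    line_no = 0
    for raw in log_text.splitlines():
        if raw.startswith("commit "):
            commit, path = raw.split()[1], ""
            continue
        if raw.startswith("+++ "):
            target = raw[4:]            # "+++ b/config.py" names the post-image file
            path = target[2:] if target.startswith("b/") else target
            continue
        if raw.startswith("--- "):
            continue
        m = HUNK_HEADER.match(raw)
        if m:
            line_no = int(m.group(1)) - 1   # next '+' or ' ' line is this number + 1
            continue
        if raw.startswith("-"):
            continue                    # removed lines are not in this commit's tree
        if raw.startswith(("+", " ")):
            line_no += 1
        if raw.startswith("+") and path:
            for name, rx in RULES.items():
                hit = rx.search(raw[1:])
                if hit:
                    findings.append(Finding(commit, path, line_no, name, mask(hit.group(0))))
    return findings


def scan_repo(repo_dir: str) -> list[Finding]:
    """Run the scan over the full history of a local repository (all refs)."""
    out = subprocess.run(
        ["git", "-C", repo_dir, "log", "-p", "--all", "--no-color"],
        capture_output=True, text=True, check=True,
    ).stdout
    return scan_git_log(out)


if __name__ == "__main__":
    results = scan_repo(sys.argv[1]) if len(sys.argv) > 1 else scan_git_log(SAMPLE_GIT_LOG)
    for f in results:
        print(f"{f.commit[:8]} {f.path}:{f.line_no} [{f.rule}] {f.masked}")
    sys.exit(1 if results else 0)   # non-zero exit lets a CI job fail on a leak
```

Run with no arguments to scan the embedded sample, or pass the path of a local clone to scan its real history. Note the exit code: failing the build when anything is found is the usual way a scanner like this is wired into CI.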

Closing thoughts

If you want to make sure that no credentials are left behind in your hosted projects, Gitleaks is a good choice. It is simple, and it is used in the same way on every platform. The best part is that it works on local projects too. So if you tend to leave credentials in your projects, give this tool a try and see how it works out for you.

Free/Paid: Free