doc(#605): add details about Gitleaks uses

Signed-off-by: Pierre-Yves Lapersonne <[email protected]>
Orange-OpenSource · Jan 23, 2024 · 70217bf · 70217bf
1 parent 33a5a6d
commit 70217bf
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/DEVELOP.md b/DEVELOP.md
@@ -103,3 +103,33 @@ Then you can run the following command bellow to check if the _AppNews.json_ fil
 ```shell
 check-jsonschema --schemafile schema.json AppNews.json
 ```
+
+## Use of Gitleaks
+
+[Gitleaks](https://gitleaks.io/) can be used to check if secrets can be leaked or not.
+A [GitHub Action](https://github.com/gitleaks/gitleaks-action) has been integrated to the repository with a configuration file defined in _/github/workflows_ named _gitleaks-action.yaml_.
+It will launch the _Gitleaks_ tool automatically.
+
+Howevere this tool does not detect plain API key mixed in URL, that is a reason why _Gitleaks_ can be called in a pre-commit hook, using the _giteaks.toml_ at the root of the prokect.
+To call _Gitleaks_ in pre-commit hooks, create a file named **pre-commit** inside _.git/hooks_ (then run `chmod u+x` in the file).
+The place the bash code bellow in this file:
+
+```bash
+# Run Gitleaks before commits
+echo "Running pre-commit hook: Use of gitleaks"
+gitleaks detect -v -l debug --source .
+
+# If the command fails, prevent the commit
+if [ $? -ne 0 ]; then
+  echo "Pre-commit hook failed. Aborting commit."
+  exit 1
+fi
+```
+
+Or just run when you want the command:
+
+```shell
+gitleaks detect -v -l debug --source .
+```
+
+Note that we face some issues about the use of _Gitleaks GitHub Action_ and _Gitleaks_ as CLI command, for fur further details see [#131](https://github.com/gitleaks/gitleaks-action/issues/131), [#132](https://github.com/gitleaks/gitleaks-action/issues/132) and [#1331](https://github.com/gitleaks/gitleaks/issues/1331).
diff --git a/THIRD-PARTY.md b/THIRD-PARTY.md
@@ -61,7 +61,7 @@ You may download the source code on the [following website](https://github.com/C
 
 ### Fastlane
 
-Version 2.111.0
+Version 2.213.0
 
 Copyright 2015-2022 The Fastlane Authors.
 
@@ -86,6 +86,13 @@ Copyright 2020 cpfriend1721994.
 *fastlane-plugin-mattermost* is distributed under the terms and conditions of the [MIT License](http://opensource.org/licenses/MIT).
 You may download the source code on the [following website](https://github.com/cpfriend1721994/fastlane-plugin-mattermost).
 
+### Gitleaks
+
+Copyright (c) 2019 Zachary Rice
+
+*gitleaks* is distributed under the terms and conditions of the [MIT License](http://opensource.org/licenses/MIT).
+You may download the source code on the [following website](https://github.com/gitleaks/gitleaks).
+
 ### SwiftFormat
 
 Version 0.49.18
@@ -104,7 +111,6 @@ Copyright 2020 Realm Inc.
 *SwiftLint* is distributed under the terms and conditions of the [MIT License](http://opensource.org/licenses/MIT).
 You may download the source code on the [following website](https://github.com/realm/SwiftLint).
 
-
 ## For tests
 
 ### FileWithoutUTF8Content.jpg