Sunday, March 23, 2025

Exploring git pre-commit for Secrets leaks

What is GitGaurdian and ggsheild?

The ggsheild is a security CLI tool developed by GitGuardian that helps developers and organizations prevent the exposure of sensitive information, such as API keys, credentials, and secrets, in their Git repositories.

What are key features of ggsheild?

  • Pre-Commit and Pre-Push Scanning: Scans code before it is committed or pushed to detect secrets. Prevents accidental leaks of sensitive data in version control.
  • CI/CD Pipeline Integration: Works with GitHub Actions, GitLab CI/CD, Jenkins, and other CI tools. Ensures security checks are part of automated workflows.
  • Real-Time Monitoring and Alerts: Detects exposed secrets in public or private repositories. Sends alerts and suggests remediation steps.
  • Custom Rules & Policies: Allows defining custom regex patterns to detect organization-specific secrets. Supports allowlists to prevent false positives.

How to install ggsheild on Ubuntu 24.04?

apt update
apt install -y pipx
pipx install ggshield

Post installation settings:

pipx ensurepath
You will need to open a new terminal or re-login for the PATH changes to take effect. Now verify the ggshield version 
ggsheild --version
Install in local will update the pre-commit file. 
ggsheild install -m local
Let's do the experiment - will update the pre-commit executable file in your existing repository at .git/hooks/pre-commit path.
We can run the same ggsheild installation with global scope as well 
ggsheild install -m global
We can use the 'ignore' the last findings 
ggsheild ignore --last-found
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)

Categories

Kubernetes (25) Docker (20) git (16) Jenkins (12) AWS (7) Jenkins CI (5) Vagrant (5) K8s (4) VirtualBox (4) CentOS7 (3) docker registry (3) docker-ee (3) ucp (3) Jenkins Automation (2) Jenkins Master Slave (2) Jenkins Project (2) containers (2) create deployment (2) docker EE (2) docker private registry (2) dockers (2) dtr (2) kubeadm (2) kubectl (2) kubelet (2) openssl (2) Alert Manager CLI (1) AlertManager (1) Apache Maven (1) Best DevOps interview questions (1) CentOS (1) Container as a Service (1) DevOps Interview Questions (1) Docker 19 CE on Ubuntu 19.04 (1) Docker Tutorial (1) Docker UCP (1) Docker installation on Ubunutu (1) Docker interview questions (1) Docker on PowerShell (1) Docker on Windows (1) Docker version (1) Docker-ee installation on CentOS (1) DockerHub (1) Features of DTR (1) Fedora (1) Freestyle Project (1) Git Install on CentOS (1) Git Install on Oracle Linux (1) Git Install on RHEL (1) Git Source based installation (1) Git line ending setup (1) Git migration (1) Grafana on Windows (1) Install DTR (1) Install Docker on Windows Server (1) Install Maven on CentOS (1) Issues (1) Jenkins CI server on AWS instance (1) Jenkins First Job (1) Jenkins Installation on CentOS7 (1) Jenkins Master (1) Jenkins automatic build (1) Jenkins installation on Ubuntu 18.04 (1) Jenkins integration with GitHub server (1) Jenkins on AWS Ubuntu (1) Kubernetes Cluster provisioning (1) Kubernetes interview questions (1) Kuberntes Installation (1) Maven (1) Maven installation on Unix (1) Operations interview Questions (1) Oracle Linux (1) Personal access tokens on GitHub (1) Problem in Docker (1) Prometheus (1) Prometheus CLI (1) RHEL (1) SCM (1) SCM Poll (1) SRE interview questions (1) Troubleshooting (1) Uninstall Git (1) Uninstall Git on CentOS7 (1) Universal Control Plane (1) Vagrantfile (1) amtool (1) aws IAM Role (1) aws policy (1) caas (1) chef installation (1) create organization on UCP (1) create team on UCP (1) docker CE (1) docker UCP console (1) docker command line (1) docker commands (1) docker community edition (1) docker container (1) docker editions (1) docker enterprise edition (1) docker enterprise edition deep dive (1) docker for windows (1) docker hub (1) docker installation (1) docker node (1) docker releases (1) docker secure registry (1) docker service (1) docker swarm init (1) docker swarm join (1) docker trusted registry (1) elasticBeanStalk (1) global configurations (1) helm installation issue (1) mvn (1) namespaces (1) promtool (1) service creation (1) slack (1)