gitleaks via pre-commit
This repo uses gitleaks in .pre-commit-config.yaml.
There is a big risk that credentials get accidentally added to Git and then pushed, especially in open source projects.
Why in pre-commit and not only in CI?
- The feedback is immediate. You notice accidental secrets before they leave your laptop.
- It is cheaper to fix. Amending a local commit is easier than cleaning up after a pushed secret.
- It protects all commits, not only the branch which later gets CI.
I use gitleaks here because it is a maintained general-purpose secret scanner and its license is MIT.
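A minimal sketch of such a hook entry, added here as an illustration and not copied from this repo's .pre-commit-config.yaml. The rev value is a placeholder; the repository URL and hook id are the ones the gitleaks project publishes for pre-commit.

```yaml
# Constructed example of a .pre-commit-config.yaml entry, not this repo's file.
repos:
  - repo: https://github.com/gitleaks/gitleaks
    # Placeholder: pin to a released gitleaks tag and update it deliberately.
    rev: vX.Y.Z
    hooks:
      - id: gitleaks   # hook id published by the gitleaks repository

# One-time setup per clone (the hook is not active until this is run):
#   pre-commit install
# Run the hook by hand without committing:
#   pre-commit run gitleaks
# A local hook can be skipped with `git commit --no-verify`,
# so it complements a CI scan rather than replacing it.
```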