Open Source Secret Scanning

Gitleaks is an open source (MIT licensed) secret scanner for git repositories, files, directories, and stdin. With over 20 million Docker downloads, 19k GitHub stars, 14 million GitHub downloads, thousands of weekly clones, and over 850k Homebrew installs, Gitleaks is the most trusted open source secret scanner among security professionals, enterprises, and developers. Gitleaks is maintained by Zach Rice.

Enterprise Support

Looking for an enterprise secret scanning solution that covers more places than just directories, files, and Git repos? We've got you covered. Email Zach.

Gitleaks-Action

Gitleaks-Action is the official Gitleaks GitHub Action. You can use it to automatically run a gitleaks scan on all your team's pull requests and commits, or run on-demand scans. For a short demonstration of Gitleaks-Action, you can check out this GIF or read about the features in the readme.

Free Organization License Key

If you are scanning repos that belong to a GitHub personal account, then no license key is required. If you are scanning repos that belong to a GitHub organization account, then you'll have to obtain a free license below. Fill out the Google Form to receive an organization license.

Sign Up

Gitleaks Playground

Visit Gitleaks Playground for a browser-based tool to test out gitleaks configs. It's heavily inspired by the GOAT, regex101.com. Gitleaks Playground processes everything locally in your browser via WebAssembly with no server uploads, no analytics collection, and only connects to the internet to load the initial page resources.

The playground also offers a little "share" button so you can share your configs and test data with others. How does that work if you don't send anything to a server? Magic. Nah jk, it's just URL fragments that are zlib compressed then b64 encoded. Why do this? Because a sharing feature is useful (especially as the gitleaks maintainer) and I don't want folks sending data to a server. Be warned, the URLs can be long.

There is also a rule wizard to help generate new gitleaks rules and an entropy calculator in the top bar. Don't paste real secrets in the playground. Eh-em, DON'T PASTE REAL SECRETS IN THE PLAYGROUND!
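The sharing scheme described above, sketched as an added example (not the Playground's own code): the payload shape, field names, URL-safe base64 variant, and placeholder URL are assumptions. It shows that the fragment never appears in the request target, and that anyone holding the link can decode its contents.

```javascript
// Added example: models the share-link scheme described above.
// ASSUMPTIONS: JSON payload shape, field names, URL-safe base64 and the URL are hypothetical.
const zlib = require("zlib");

const PLAYGROUND_URL = "https://playground.example/"; // placeholder, not the real address

// Pack config + test data into a fragment: JSON -> zlib deflate -> URL-safe base64.
function encodeShareFragment(state) {
  const compressed = zlib.deflateSync(Buffer.from(JSON.stringify(state), "utf8"));
  return compressed.toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Reverse the steps. No key is involved: this is encoding, not encryption.
function decodeShareFragment(fragment) {
  const compressed = Buffer.from(fragment, "base64"); // Node accepts the URL-safe alphabet
  return JSON.parse(zlib.inflateSync(compressed).toString("utf8"));
}

function buildShareUrl(state) {
  return PLAYGROUND_URL + "#" + encodeShareFragment(state);
}

// What a browser puts on the request line: path and query only, never the fragment.
function requestTarget(shareUrl) {
  const u = new URL(shareUrl);
  return u.pathname + u.search;
}

// Constructed sample input (the "secret" is a made-up dummy value).
const sample = {
  config: `[[rules]]\nid = "demo-token"\nregex = '''demo_[a-z0-9]{16}'''\n`,
  testData: 'token = "demo_0123456789abcdef"\n',
};

const shareUrl = buildShareUrl(sample);
console.log("share URL length:", shareUrl.length);
console.log("sent to server:  ", requestTarget(shareUrl));
console.log("recovered by any link holder:", decodeShareFragment(new URL(shareUrl).hash.slice(1)));
```

The fragment stays out of HTTP requests, but the full URL still lands in browser history, chat logs, and anywhere else the link is pasted.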

Contact

Want to get in touch? Email Zach.

Sponsors

Gitleaks is supported by @adamdecaf, @KernCheh, @mercedes-benz, @projectdiscovery, @om-proptech, @coderabbitai, @numberly, @Arikius, and @jeffwilcox. Thank you!

If you're interested in helping make the project sustainable long-term, please consider sponsoring Gitleaks.