Gitleaks-docker crashes due to Git error: unknown option `staged' about gitleaks HOT 2 OPEN

I just ran into this issue and I think the error message is misleading. The actual cause in my case is that the repo is owned by my user, but the mount point in the container is owned by root; git rejects this directory, and the git diff command erroneously complains about "--staged".

Note: running "git diff --staged" locally in your repo probably works, whereas running it in a directory that is not a repo will yield the same error message.

Trying to run git log in this image, using the same docker command that pre-commit uses:

docker run -u 501:20 -v "$PWD:/src:rw,Z" --entrypoint git --workdir /src zricethezav/gitleaks log

(501:20 are my user and group id on the local machine) shows the actual problem:

fatal: detected dubious ownership in repository at '/src'
To add an exception for this directory, call:

	git config --global --add safe.directory /src

The suggested fix has already been applied in Dockerfile. Unfortunately, it does not work, because the user whose config it is added for is root, not the user that pre-commit runs the command as (in my case, 501:20).

A workaround that seems to succeed is to add an 'entry' to the gitleaks-docker hook which overrides the user setting that is passed by pre-commit:

- repo: https://github.com/zricethezav/gitleaks.git
    rev: v8.18.2
    hooks:
      - id: gitleaks-docker
        stages: [commit]
        entry: -u root:root zricethezav/gitleaks protect --verbose --redact --staged

from gitleaks.

Unfortunately, I also have to report that on my colleague's MacBook with essentially identical versions the hook works. So I am still looking for the underlying cause.

from gitleaks.