Comments (2)
I just ran into this issue and I think the error message is misleading. The actual cause in my case is that the repo is owned by my user, but the mount point in the container is owned by root; git rejects this directory, and the git diff command erroneously complains about "--staged".
Note: running "git diff --staged" locally in your repo probably works, whereas running it in a directory that is not a repo will yield the same error message.
Trying to run git log in this image, using the same docker command that pre-commit uses:
docker run -u 501:20 -v "$PWD:/src:rw,Z" --entrypoint git --workdir /src zricethezav/gitleaks log
(501:20 are my user and group id on the local machine) shows the actual problem:
fatal: detected dubious ownership in repository at '/src'
To add an exception for this directory, call:
git config --global --add safe.directory /src
The suggested fix has already been applied in Dockerfile. Unfortunately, it does not work, because the user whose config it is added for is root, not the user that pre-commit runs the command as (in my case, 501:20).
A workaround that seems to succeed is to add an 'entry' to the gitleaks-docker hook which overrides the user setting that is passed by pre-commit:
- repo: https://github.com/zricethezav/gitleaks.git
rev: v8.18.2
hooks:
- id: gitleaks-docker
stages: [commit]
entry: -u root:root zricethezav/gitleaks protect --verbose --redact --staged
from gitleaks.
Unfortunately, I also have to report that on my colleague's MacBook with essentially identical versions the hook works. So I am still looking for the underlying cause.
from gitleaks.
Related Issues (20)
- Trivy scans failing due to vulnerable go text module
- Detection of plain strings HOT 2
- Alibaba secret in CSV format
- Finding sometimes is incorrectly reported to span multiple lines
- gitleaksignore file fingerprint issue after pull request squash and merge
- Incorrect Start and End Column Values in Gitleaks Report for Findings
- Add a Type field into report.Finding struct HOT 1
- Consider yaml/yml files in scan by default
- SARIF output shows incorrect rule properties HOT 1
- Installing gitleaks not working HOT 1
- launchdarkly-access-token is not detecting LaunchDarkly API Access Tokens
- rep-receive hook at Github enterprise HOT 1
- No result when scan HOT 1
- Feature Requests: Create Custom Gitleaks Rules HOT 1
- gitleaks with the --amend command
- Scanning different file types HOT 1
- Documentation for the [extend] file is wrong
- lsetxattr: permission denied with podman HOT 2
- Gitleaks not finding my secrets in JSON file HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gitleaks.