Is your feature request related to a problem? Please describe.
It would be nice if gitleaks had a validate command that would validate examples found in the config rules. Introducing such a feature would speed up rule development and help with debugging.
Describe the solution you'd like
example entry in the rules tables
ex:
[[rules]]
id = "discord-client-secret"
des
Describe the issue
If you have more than a few failed checks, it can be difficult to scroll to the top to see the summary or in a terminal, it may even be cut off. Can we move the summary to the bottom after the policy violations?
Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.
Extremely useful when running the tool without halting a pipeline for example.
I currently use a workaround, but something more concrete would be very desira
The enhancement may already be reported! Please search for the enhancement before creating one.
Currently when you download the SBOM from Home->Projects->->Components tab dependencies are not included.
Please include dependence when downloading the SBOM. Thanks
ggshield secret scan pre-receive
When ggshield is used in pre-receive mode, ggshield cache should be skipped as it's not actionable after. This can also avoid trying to save on a read-only file-system.
ggshield secret scan pre-receive should not save its cache.
Add a description, image, and links to the devsecops topic page so that developers can more easily learn about it.
To associate your repository with the devsecops topic, visit your repo's landing page and select "manage topics."
Description
If using the new license check feature the exit code is after every run 0, regardless of the option
--exit-code 1etcWhat did you expect to happen?
The check is working in the same way like the vuln type of check, so I can define that e.g. a CRITICAL or HIGH risk license exits with exitcode 1.
That would allow to prevent the usage of risky licenses in a company e