Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

git-secrets-scan:3.1.0 ignoring GITLEAKS_EXTRA_ARGS

John Alberts
John Alberts
March 17, 2025

I'm trying to start using git-secrets-scan:3.1.0 pipe and the pipe appears to be ignoring the GITLEAKS_EXTRA_ARGS that is passed to it.

I have the following:

```yaml

- step: &SecurityScan
name: Security Scan
script:
- pipe: atlassian/git-secrets-scan:3.1.0
variables:
GITLEAKS_EXTRA_ARGS:
- "--baseline-path=gitleaks-baseline-report.json"
- "--platform=none"
```
When the step runs, none of the extra arguments appear to be passed to the gitleaks command, because the gitleaks run is ignoring my baseline file and still complains about unknown SCM platform.
If I run the following locally, it runs fine:
`gitleaks git --baseline-path=gitleaks-baseline-report.json --platform=none`
Answer
Watch
Like Max H likes this
2343 views

2 answers

0 votes
Igor Stoyanov
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 19, 2025

Hi @John Alberts . Here i provided configuration:

      - pipe: docker://bitbucketpipelines/git-secrets-scan:3.1.0
        variables:
          DEBUG: "true"
          GITLEAKS_EXTRA_ARGS:
              - "--verbose"
              - "--redact=100"
              - "--max-decode-depth=3"

 And here is the output:

Screenshot 2025-03-19 at 10.17.09.png

Try to add DEBUG to see gitleaks generated command.

 

Regards, Igor

View More Comments
Paul S
Paul S
Contributor
January 2, 2026

Today I found that:

Pipe has finished with an error: 126, Error: unknown flag: --max-decode-depth 3

while usage it outputs is:

--max-decode-depth int                    allow recursive decoding up to this depth (default "0", no decoding is done)

 

All this while trying to figure out why my scans are suddenly failing with:

Traceback (most recent call last):
File "/pipe.py", line 142, in <module>
pipe.run()
File "/pipe.py", line 130, in run
self.create_code_insights_report()
File "/pipe.py", line 65, in create_code_insights_report
report = insights.create_report(os.environ["BITBUCKET_COMMIT"], report_data=report_data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/site-packages/bitbucket_pipes_toolkit/annotations.py", line 89, in create_report
response.raise_for_status()
File "/usr/lib/python3.11/site-packages/requests/models.py", line 1026, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url
Like
Paul S
Paul S
Contributor
January 2, 2026

BTW the scans were working fine for days - then failures across multiple repos with no changes made.

Like
Reply
0 votes
Ben
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 18, 2025

Hi John,

I've reached out to our pipes team for further assistance on this. They should respond shortly.

Cheers!

- Ben (Bitbucket Cloud Support)

 

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security