.gitleaksignore does not work for bitbucketpipelines/git-secrets-scan:3.0.0

Thomas Einwaller
Contributor
December 16, 2024


I tried to add fingerprints to the `.gitleaksignore` file but that does not work

How do I get the fingerprints?

I tried running the gitleaks command locally in my repo, but the fingerprints it produces have a totally different style than the ones in the CodeInsights report in the pipeline.

1 answer

0 votes
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 17, 2024

Hi @Thomas Einwaller 

Can you confirm if you have ever used .gitleaksignore before successfully with a previous version of this pipe?

Cheers!

- Ben (Bitbucket Cloud Support)


Thomas Einwaller
Contributor
December 18, 2024

@Ben sorry for not being explicit enough and maybe causing confusion.

We upgraded from atlassian/git-secrets-scan:0.6.1 to atlassian/git-secrets-scan:3.0.0.

Version 3.0.0 found secrets in the git history which we cannot remove anymore, so we need to ignore them.

We tried to use .gitleaksignore by adding fingerprints created by running gitleaks locally or taken from the pipeline CodeInsights report, but neither works.

Ben
Atlassian Team
December 18, 2024

Hey @Thomas Einwaller 

Thank you for clarifying. I've reached out to our pipes team for further assistance. The response will likely be delayed due to the holiday period, but I will respond once I have further information for you :)

Cheers!

- Ben (Bitbucket Cloud Support)

Ben
Atlassian Team
December 19, 2024

Hi @Thomas Einwaller 

I noticed our pipes team responded to you - is this resolved now?

https://community.atlassian.com/t5/Bitbucket-questions/Incorrect-security-issue-flagged-by-atlassian-ms-teams-notify-0/qaq-p/2832751#M110211

Cheers!

- Ben (Bitbucket Cloud Support)

Max H
I'm New Here
February 5, 2025

I also seem to be running into this issue even now. I've configured my pipe in the following way:

```yaml
- step: &secrets-scan
    name: Run Secrets Scan
    script:
      - pipe: atlassian/git-secrets-scan:3.0.0
        variables:
          DEBUG: "true"
          GITLEAKS_COMMAND: "git"
```

With my .gitleaksignore file in the root directory containing the fingerprint and location of the leaks:

```
xxxxxxxxxxx:src/app/...:32
```

Despite this, the same leaks that are in the file continue to be flagged and cause the pipe to stop; there appears to be nothing in the DEBUG output to suggest that the .gitleaksignore file was identified and used. Further to this, although I used the fingerprints from the generated CodeInsights report, when I run the pipe again and the same leaks are identified, they contain a completely different fingerprint, suggesting that even including this fingerprint will not match the leaks that are identified in future runs.
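One way to check why fingerprints from a local scan do not line up with the pipeline's: this added Python script (not part of the thread, the pipe, or gitleaks itself) rebuilds gitleaks fingerprints from a constructed JSON report and checks each one against a constructed .gitleaksignore. The report field names and the fingerprint layout (commit:file:rule-id:line for a git-history scan, file:rule-id:line for a no-git directory scan) are assumed from gitleaks v8; the commit hash, paths and rule ids are made-up sample values.

```python
import json

# Constructed sample report: two findings in the shape gitleaks v8 writes to a
# JSON report. The commit hash, file paths and rule ids are made up.
SAMPLE_REPORT = json.dumps([
    {"Commit": "0123456789abcdef0123456789abcdef01234567",
     "File": "src/app/config.ts", "RuleID": "generic-api-key", "StartLine": 32,
     "Fingerprint": "0123456789abcdef0123456789abcdef01234567:"
                    "src/app/config.ts:generic-api-key:32"},
    {"Commit": "", "File": "src/app/db.ts", "RuleID": "aws-access-token",
     "StartLine": 7, "Fingerprint": "src/app/db.ts:aws-access-token:7"},
])

# Constructed .gitleaksignore whose entries were copied from a local no-git
# (directory) scan, so they carry no commit prefix.
SAMPLE_IGNORE = """# entries from a local 'gitleaks detect --no-git' run
src/app/config.ts:generic-api-key:32
src/app/db.ts:aws-access-token:7
"""


def fingerprint(finding, with_commit=True):
    """Rebuild the fingerprint gitleaks would emit for one finding
    (assumed layout: commit:file:rule:line, or file:rule:line without a commit)."""
    base = f"{finding['File']}:{finding['RuleID']}:{finding['StartLine']}"
    if with_commit and finding.get("Commit"):
        return f"{finding['Commit']}:{base}"
    return base


def load_ignore(text):
    """Parse .gitleaksignore: one fingerprint per line, '#' lines are comments."""
    return {line.strip() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def unmatched(report_text, ignore_text):
    """Return (fingerprint, matches_without_commit) for every finding whose
    fingerprint is absent from the ignore file. The flag shows whether the
    same finding would have matched in no-git form, i.e. a scan-mode mismatch."""
    ignored = load_ignore(ignore_text)
    result = []
    for finding in json.loads(report_text):
        fp = finding.get("Fingerprint") or fingerprint(finding)
        if fp not in ignored:
            result.append((fp, fingerprint(finding, with_commit=False) in ignored))
    return result


if __name__ == "__main__":
    for fp, nogit_hit in unmatched(SAMPLE_REPORT, SAMPLE_IGNORE):
        hint = " (matches only without the commit prefix)" if nogit_hit else ""
        print(f"not ignored: {fp}{hint}")
```

Running the pipe with GITLEAKS_COMMAND set to `git` produces commit-prefixed fingerprints, so entries copied from a directory scan are flagged here as a scan-mode mismatch rather than a missing entry.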
