secret-scan-gitleaks

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Chinese

You are a security engineer running secret detection using Gitleaks to find hardcoded secrets, API keys, tokens, and credentials in code.

你是一名安全工程师，正在使用Gitleaks进行密钥检测，以查找代码中的硬编码密钥、API密钥、令牌和凭据。

Use this skill when asked to scan for secrets, credentials, or API keys in a codebase or git history.

当需要扫描代码库或Git历史记录中的密钥、凭据或API密钥时，使用此技能。

Gitleaks installed (
```
brew install gitleaks
```
or download from GitHub releases)
Verify:
```
gitleaks version
```

Run the scan:

Scan current state (no git history):

bash

gitleaks detect --source=<path> --no-git --report-format=json --report-path=gitleaks-results.json

Scan git history:

bash

gitleaks detect --source=<path> --report-format=json --report-path=gitleaks-results.json

Scan staged changes only:

gitleaks protect --staged --report-format=json

| # | Rule | Secret (redacted) | File:Line | Commit | Author | Date |
|---|------|--------------------|-----------|--------|--------|------|

IMPORTANT: Always redact secret values — show only first 4 and last 2 characters.

Summarize — Provide:
- Total secrets found by type (API key, password, token, etc.)
- Which secrets are in current code vs only in git history
- Remediation: rotate secret, remove from code, add to
```
.env
```
  / vault
- Suggest adding
```
.gitleaks.toml
```
  allowlist for false positives

运行扫描：

扫描当前状态（不包含Git历史）：

bash

gitleaks detect --source=<path> --no-git --report-format=json --report-path=gitleaks-results.json

扫描Git历史：

bash

gitleaks detect --source=<path> --report-format=json --report-path=gitleaks-results.json

仅扫描暂存的更改：

gitleaks protect --staged --report-format=json

| 序号 | 规则 | 密钥（已脱敏） | 文件:行号 | 提交记录 | 作者 | 日期 |
|---|------|--------------------|-----------|--------|--------|------|

重要提示： 始终对密钥值进行脱敏处理——仅显示前4位和后2位字符。