File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -44,8 +44,12 @@ repos:
4444 rev : v8.24.2
4545 hooks :
4646 - id : gitleaks
47- # Override default entry: `gitleaks git --pre-commit --staged` only
48- # scans staged commits, which is a no-op in CI (`pre-commit run
49- # --all-files`). `gitleaks dir` scans file contents directly, so it
50- # catches secrets both locally and in CI.
51- entry : gitleaks dir --redact --verbose
47+ # Override upstream `gitleaks git --pre-commit --staged`, which scans
48+ # staged git diffs and is a no-op in CI (`pre-commit run --all-files`
49+ # has nothing staged). Instead, scan the files pre-commit passes in:
50+ # staged files on `git commit`, tracked files on `--all-files`.
51+ # `gitleaks dir` only accepts one path per invocation, so fan out via
52+ # xargs -P for parallelism; xargs returns 123 if any child exits
53+ # non-zero, which pre-commit surfaces as a hook failure.
54+ entry : sh -c 'printf "%s\0" "$@" | xargs -0 -n1 -P"$(getconf _NPROCESSORS_ONLN)" gitleaks dir --redact --verbose --no-banner' --
55+ pass_filenames : true
You can’t perform that action at this time.
0 commit comments