Commit bcfa09e

devatsecure and claude committed
feat: Add Gitleaks v8.18.4 binary to all Dockerfiles
- Dockerfile: Install after system deps, before non-root user
- Dockerfile.complete: Install after TruffleHog (groups secret scanners)
- dast-mvp.dockerfile: Install after Nuclei

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 47b4b82 commit bcfa09e

3 files changed: +18 -0 lines changed

Dockerfile

Lines changed: 6 additions & 0 deletions
@@ -29,6 +29,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
2929
ca-certificates \
3030
&& rm -rf /var/lib/apt/lists/*
3131

32+
# Install Gitleaks (secret scanner)
33+
RUN GITLEAKS_VERSION="8.18.4" && \
34+
curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_amd64.tar.gz" | \
35+
tar xz -C /usr/local/bin gitleaks && \
36+
chmod +x /usr/local/bin/gitleaks
37+
3238
# Create non-root user for security
3339
RUN groupadd -r agentuser && useradd -r -g agentuser -u 1000 agentuser
3440
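
Review bot: The `curl ... | tar xz` pipeline at new lines 33-36 extracts the release tarball with no integrity check, so whatever the URL returns at build time is installed as an executable in /usr/local/bin. Download to a temporary file, verify it against a SHA-256 digest pinned in the Dockerfile (for example with `sha256sum -c`), and extract only after the check passes. The apt-get context visible above shows ca-certificates but not curl, so confirm curl is installed before this layer.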

Dockerfile.complete

Lines changed: 6 additions & 0 deletions
@@ -24,6 +24,12 @@ RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --
2424
# Install TruffleHog
2525
RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
2626

27+
# Install Gitleaks (secret scanner)
28+
RUN GITLEAKS_VERSION="8.18.4" && \
29+
curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_amd64.tar.gz" | \
30+
tar xz -C /usr/local/bin gitleaks && \
31+
chmod +x /usr/local/bin/gitleaks
32+
2733
# Install unzip (required for Nuclei)
2834
RUN apt-get update && apt-get install -y --no-install-recommends \
2935
unzip \
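
Review bot: The asset name in the download URL at new line 29 hard-codes `linux_amd64`, so this layer serves a single architecture and depends on that exact file name existing on the v8.18.4 release; confirm it against the release's asset list, since with `curl -f` a mismatch fails the build. Consider declaring the version as `ARG GITLEAKS_VERSION=8.18.4` instead of a shell variable inside the RUN, because the same six lines are repeated in three Dockerfiles in this commit and a build argument lets them be bumped together.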

docker/dast-mvp.dockerfile

Lines changed: 6 additions & 0 deletions
@@ -24,6 +24,12 @@ RUN go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest && \
2424
# Verify Nuclei installation
2525
RUN nuclei -version
2626

27+
# Install Gitleaks (secret scanner)
28+
RUN GITLEAKS_VERSION="8.18.4" && \
29+
curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_amd64.tar.gz" | \
30+
tar xz -C /usr/local/bin gitleaks && \
31+
chmod +x /usr/local/bin/gitleaks
32+
2733
# Install ZAP (will use Docker-in-Docker)
2834
# ZAP will be pulled at runtime via Docker
2935
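
Review bot: Nothing after the `chmod +x` at new line 31 checks that the installed binary actually runs, while the Nuclei install just above it is followed by `RUN nuclei -version`. Add a matching `RUN gitleaks version` step so a truncated download or a wrong-architecture binary fails the image build here instead of surfacing later at scan time.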
