
Fix: Add license configuration to gitleaks workflow #11

Merged: Adityav369 merged 1 commit into main from fix-gitleaks-license on Nov 14, 2025

@Adityav369
Collaborator

Updates the gitleaks workflow to include required license configuration.

@jazzberry-ai

jazzberry-ai Bot commented Nov 14, 2025

Bug Report

| Name | Severity | Example test case | Description |
| --- | --- | --- | --- |
| GITLEAKS_LICENSE Exposure | High | Set GITLEAKS_LICENSE to a valid license, and then intentionally cause an error in the gitleaks configuration. | The GITLEAKS_LICENSE environment variable could be exposed in GitHub Actions logs due to misconfiguration or vulnerabilities in the gitleaks action. Although secrets are masked, there are ways to accidentally expose them. |
| Incorrect License Usage | Medium | Set GITLEAKS_LICENSE to an invalid license. | If the GITLEAKS_LICENSE is not correctly handled by the gitleaks action, the scan might not function correctly, leading to missed secrets. |
| Lack of Input Validation | Low | Set GITLEAKS_LICENSE to an invalid format. | The patch doesn't include any input validation for the GITLEAKS_LICENSE secret. This means that an invalid or malformed license could be passed to the action, potentially causing errors or unexpected behavior. |

Comments? Email us.

@Adityav369 merged commit 00fba57 into main on Nov 14, 2025
7 checks passed