docs: make Chinese README the default
This commit is contained in:
@@ -1,3 +1,9 @@
|
||||
<!-- WEHUB_ZH_README -->
|
||||
> [!NOTE]
|
||||
> 本文档由 WeHub 基于上游 README 翻译整理,属于社区翻译,非官方中文文档。
|
||||
> [English](./README.en.md) · [原始项目](https://github.com/gitleaks/gitleaks) · [上游 README](https://github.com/gitleaks/gitleaks/blob/HEAD/README.md)
|
||||
> 原作者、版权与许可证归属以原始项目及本仓库 LICENSE 文件为准。
|
||||
|
||||
# Gitleaks
|
||||
|
||||
```
|
||||
@@ -9,7 +15,7 @@
|
||||
```
|
||||
|
||||
> [!WARNING]
|
||||
> Gitleaks is feature complete. I'm not merging new features into Gitleaks. Future releases will be security patches only. I'm shifting my focus to [Betterleaks](https://github.com/betterleaks/betterleaks)
|
||||
> Gitleaks 功能已完备。我不会再将新功能合并进 Gitleaks。未来版本将仅提供安全补丁。我正在将精力转向 [Betterleaks](https://github.com/betterleaks/betterleaks)
|
||||
|
||||
[license]: ./LICENSE
|
||||
[badge-license]: https://img.shields.io/github/license/gitleaks/gitleaks.svg
|
||||
@@ -32,7 +38,7 @@
|
||||
[![GoReportCard][go-report-card-badge]][go-report-card]
|
||||
[![License][badge-license]][license]
|
||||
|
||||
Gitleaks is a tool for **detecting** secrets like passwords, API keys, and tokens in git repos, files, and whatever else you wanna throw at it via `stdin`. If you wanna learn more about how the detection engine works check out this blog: [Regex is (almost) all you need](https://lookingatcomputer.substack.com/p/regex-is-almost-all-you-need).
|
||||
Gitleaks 是一款用于**检测** Git 仓库、文件以及通过 `stdin` 等方式提交给它的其他内容中密码、API 密钥和令牌等机密信息的工具。若想进一步了解检测引擎的工作原理,请参阅这篇博客:[Regex is (almost) all you need](https://lookingatcomputer.substack.com/p/regex-is-almost-all-you-need).
|
||||
|
||||
```
|
||||
➜ ~/code(master) gitleaks git -v
|
||||
@@ -58,11 +64,11 @@ Fingerprint: cd5226711335c68be1e720b318b7bc3135a30eb2:cmd/generate/config/rules/
|
||||
```
|
||||
|
||||
|
||||
## Getting Started
|
||||
## 入门
|
||||
|
||||
Gitleaks can be installed using Homebrew, Docker, or Go. Gitleaks is also available in binary form for many popular platforms and OS types on the [releases page](https://github.com/gitleaks/gitleaks/releases). In addition, Gitleaks can be implemented as a pre-commit hook directly in your repo or as a GitHub action using [Gitleaks-Action](https://github.com/gitleaks/gitleaks-action).
|
||||
可通过 Homebrew、Docker 或 Go 安装 Gitleaks。许多主流平台和操作系统也可在 [发布页面](https://github.com/gitleaks/gitleaks/releases). 获取其二进制版本。此外,Gitleaks 可直接在仓库中配置为 pre-commit 钩子,也可通过 [Gitleaks-Action](https://github.com/gitleaks/gitleaks-action). 实现为 GitHub Action。
|
||||
|
||||
### Installing
|
||||
### 安装
|
||||
|
||||
```bash
|
||||
# MacOS
|
||||
@@ -84,8 +90,8 @@ make build
|
||||
|
||||
### Pre-Commit
|
||||
|
||||
1. Install pre-commit from https://pre-commit.com/#install
|
||||
2. Create a `.pre-commit-config.yaml` file at the root of your repository with the following content:
|
||||
1. 从 https://pre-commit.com/#install 安装 pre-commit
|
||||
2. 在仓库根目录创建 `.pre-commit-config.yaml` 文件,内容如下:
|
||||
|
||||
```
|
||||
repos:
|
||||
@@ -95,26 +101,25 @@ make build
|
||||
- id: gitleaks
|
||||
```
|
||||
|
||||
for a [native execution of gitleaks](https://github.com/gitleaks/gitleaks/releases) or use the [`gitleaks-docker` pre-commit ID](https://github.com/gitleaks/gitleaks/blob/master/.pre-commit-hooks.yaml) for executing gitleaks using the [official Docker images](#docker)
|
||||
若要 [原生运行 gitleaks](https://github.com/gitleaks/gitleaks/releases),或使用 [`gitleaks-docker` pre-commit ID](https://github.com/gitleaks/gitleaks/blob/master/.pre-commit-hooks.yaml) 通过 [官方 Docker 镜像](#docker) 运行 gitleaks
|
||||
|
||||
3. Auto-update the config to the latest repos' versions by executing `pre-commit autoupdate`
|
||||
4. Install with `pre-commit install`
|
||||
5. Now you're all set!
|
||||
3. 执行 `pre-commit autoupdate` 将配置自动更新到最新仓库版本
|
||||
4. 使用 `pre-commit install` 完成安装
|
||||
5. 一切就绪!
|
||||
|
||||
```
|
||||
➜ git commit -m "this commit contains a secret"
|
||||
Detect hardcoded secrets.................................................Failed
|
||||
```
|
||||
|
||||
Note: to disable the gitleaks pre-commit hook you can prepend `SKIP=gitleaks` to the commit command
|
||||
and it will skip running gitleaks
|
||||
注意:若要禁用 gitleaks 的 pre-commit 钩子,可在 commit 命令前加上 `SKIP=gitleaks`,这样会跳过 gitleaks 的执行
|
||||
|
||||
```
|
||||
➜ SKIP=gitleaks git commit -m "skip gitleaks check"
|
||||
Detect hardcoded secrets................................................Skipped
|
||||
```
|
||||
|
||||
## Usage
|
||||
## 用法
|
||||
|
||||
```
|
||||
Gitleaks scans code, past or present, for secrets
|
||||
@@ -163,81 +168,78 @@ Flags:
|
||||
Use "gitleaks [command] --help" for more information about a command.
|
||||
```
|
||||
|
||||
### Commands
|
||||
### 命令
|
||||
|
||||
⚠️ v8.19.0 introduced a change that deprecated `detect` and `protect`. Those commands are still available but
|
||||
are hidden in the `--help` menu. Take a look at this [gist](https://gist.github.com/zricethezav/b325bb93ebf41b9c0b0507acf12810d2) for easy command translations.
|
||||
If you find v8.19.0 broke an existing command (`detect`/`protect`), please open an issue.
|
||||
⚠️ v8.19.0 引入了一项变更,弃用了 `detect` 和 `protect`。这些命令仍可使用,但已隐藏在 `--help` 菜单中。请参阅此 [gist](https://gist.github.com/zricethezav/b325bb93ebf41b9c0b0507acf12810d2) 获取便捷的命令对照说明。
|
||||
若发现 v8.19.0 破坏了现有命令(`detect`/`protect`),请提交 issue。
|
||||
|
||||
There are three scanning modes: `git`, `dir`, and `stdin`.
|
||||
共有三种扫描模式:`git`、`dir` 和 `stdin`。
|
||||
|
||||
#### Git
|
||||
|
||||
The `git` command lets you scan local git repos. Under the hood, gitleaks uses the `git log -p` command to scan patches.
|
||||
You can configure the behavior of `git log -p` with the `log-opts` option.
|
||||
For example, if you wanted to run gitleaks on a range of commits you could use the following
|
||||
command: `gitleaks git -v --log-opts="--all commitA..commitB" path_to_repo`. See the [git log](https://git-scm.com/docs/git-log) documentation for more information.
|
||||
If there is no target specified as a positional argument, then gitleaks will attempt to scan the current working directory as a git repo.
|
||||
`git` 命令可用于扫描本地 Git 仓库。在底层,gitleaks 使用 `git log -p` 命令扫描补丁(patch)。
|
||||
可使用 `log-opts` 选项配置 `git log -p` 的行为。
|
||||
例如,若要对一段提交范围运行 gitleaks,可使用以下
|
||||
命令:`gitleaks git -v --log-opts="--all commitA..commitB" path_to_repo`。更多信息请参阅 [git log](https://git-scm.com/docs/git-log) 文档。
|
||||
若未以位置参数指定目标,gitleaks 将尝试将当前工作目录作为 Git 仓库进行扫描。
|
||||
|
||||
#### Dir
|
||||
|
||||
The `dir` (aliases include `files`, `directory`) command lets you scan directories and files. Example: `gitleaks dir -v path_to_directory_or_file`.
|
||||
If there is no target specified as a positional argument, then gitleaks will scan the current working directory.
|
||||
`dir`(别名包括 `files`、`directory`)命令可用于扫描目录和文件。示例:`gitleaks dir -v path_to_directory_or_file`。
|
||||
若未通过位置参数指定目标,gitleaks 将扫描当前工作目录。
|
||||
|
||||
#### Stdin
|
||||
|
||||
You can also stream data to gitleaks with the `stdin` command. Example: `cat some_file | gitleaks -v stdin`
|
||||
你也可以使用 `stdin` 命令将数据流式传输给 gitleaks。示例:`cat some_file | gitleaks -v stdin`
|
||||
|
||||
### Creating a baseline
|
||||
### 创建基线(baseline)
|
||||
|
||||
When scanning large repositories or repositories with a long history, it can be convenient to use a baseline. When using a baseline,
|
||||
gitleaks will ignore any old findings that are present in the baseline. A baseline can be any gitleaks report. To create a gitleaks report, run gitleaks with the `--report-path` parameter.
|
||||
在扫描大型仓库或历史较长的仓库时,使用基线会十分方便。使用基线时,gitleaks 会忽略基线中已存在的旧发现项。基线可以是任意 gitleaks 报告。要创建 gitleaks 报告,请在使用 `--report-path` 参数的情况下运行 gitleaks。
|
||||
|
||||
```
|
||||
gitleaks git --report-path gitleaks-report.json # This will save the report in a file called gitleaks-report.json
|
||||
```
|
||||
|
||||
Once as baseline is created it can be applied when running the detect command again:
|
||||
基线创建完成后,可在再次运行 detect 命令时应用:
|
||||
|
||||
```
|
||||
gitleaks git --baseline-path gitleaks-report.json --report-path findings.json
|
||||
```
|
||||
|
||||
After running the detect command with the --baseline-path parameter, report output (findings.json) will only contain new issues.
|
||||
使用 --baseline-path 参数运行 detect 命令后,报告输出(findings.json)将仅包含新问题。
|
||||
|
||||
## Pre-Commit hook
|
||||
## Pre-Commit 钩子
|
||||
|
||||
You can run Gitleaks as a pre-commit hook by copying the example `pre-commit.py` script into
|
||||
your `.git/hooks/` directory.
|
||||
你可以将示例 `pre-commit.py` 脚本复制到 `.git/hooks/` 目录中,将 Gitleaks 作为 pre-commit 钩子运行。
|
||||
|
||||
## Load Configuration
|
||||
## 加载配置
|
||||
|
||||
The order of precedence is:
|
||||
优先级顺序如下:
|
||||
|
||||
1. `--config/-c` option:
|
||||
1. `--config/-c` 选项:
|
||||
```bash
|
||||
gitleaks git --config /home/dev/customgitleaks.toml .
|
||||
```
|
||||
2. Environment variable `GITLEAKS_CONFIG` with the file path:
|
||||
2. 环境变量 `GITLEAKS_CONFIG`(文件路径):
|
||||
```bash
|
||||
export GITLEAKS_CONFIG="/home/dev/customgitleaks.toml"
|
||||
gitleaks git .
|
||||
```
|
||||
3. Environment variable `GITLEAKS_CONFIG_TOML` with the file content:
|
||||
3. 环境变量 `GITLEAKS_CONFIG_TOML`(文件内容):
|
||||
```bash
|
||||
export GITLEAKS_CONFIG_TOML=`cat customgitleaks.toml`
|
||||
gitleaks git .
|
||||
```
|
||||
4. A `.gitleaks.toml` file within the target path:
|
||||
4. 目标路径内的 `.gitleaks.toml` 文件:
|
||||
```bash
|
||||
gitleaks git .
|
||||
```
|
||||
|
||||
If none of the four options are used, then gitleaks will use the default config.
|
||||
若上述四种方式均未使用,gitleaks 将使用默认配置。
|
||||
|
||||
## Configuration
|
||||
## 配置
|
||||
|
||||
Gitleaks offers a configuration format you can follow to write your own secret detection rules:
|
||||
Gitleaks 提供了一种配置格式,你可据此编写自己的密钥检测规则:
|
||||
|
||||
```toml
|
||||
# Title for the gitleaks configuration file.
|
||||
@@ -391,21 +393,21 @@ description = "Our test assets trigger false-positives in a couple rules."
|
||||
paths = ['''tests/expected/._\.json$''']
|
||||
```
|
||||
|
||||
Refer to the default [gitleaks config](https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml) for examples or follow the [contributing guidelines](https://github.com/gitleaks/gitleaks/blob/master/CONTRIBUTING.md) if you would like to contribute to the default configuration. Additionally, you can check out [this gitleaks blog post](https://blog.gitleaks.io/stop-leaking-secrets-configuration-2-3-aeed293b1fbf) which covers advanced configuration setups.
|
||||
请参考默认 [gitleaks 配置](https://github.com/gitleaks/gitleaks/blob/master/config/gitleaks.toml) 查看示例,或若希望为默认配置做贡献,请遵循 [贡献指南](https://github.com/gitleaks/gitleaks/blob/master/CONTRIBUTING.md)。此外,你还可以阅读 [这篇 gitleaks 博客文章](https://blog.gitleaks.io/stop-leaking-secrets-configuration-2-3-aeed293b1fbf),其中介绍了高级配置方案。
|
||||
|
||||
### Additional Configuration
|
||||
### 其他配置
|
||||
|
||||
#### Composite Rules (Multi-part or `required` Rules)
|
||||
In v8.28.0 Gitleaks introduced composite rules, which are made up of a single "primary" rule and one or more auxiliary or `required` rules. To create a composite rule, add a `[[rules.required]]` table to the primary rule specifying an `id` and optionally `withinLines` and/or `withinColumns` proximity constraints. A fragment is a chunk of content that Gitleaks processes at once (typically a file, part of a file, or git diff), and proximity matching instructs the primary rule to only report a finding if the auxiliary `required` rules also find matches within the specified area of the fragment.
|
||||
#### 复合规则(多部分或 `required` 规则)
|
||||
在 v8.28.0 中,Gitleaks 引入了复合规则(composite rules),由一条“主”规则和一条或多条辅助或 `required` 规则组成。要创建复合规则,请在主规则中添加 `[[rules.required]]` 表,指定 `id`,并可选择设置 `withinLines` 和/或 `withinColumns` 邻近约束。片段(fragment)是 Gitleaks 一次处理的一块内容(通常是文件、文件的一部分或 git diff),邻近匹配会指示主规则:仅当辅助 `required` 规则也在片段的指定区域内找到匹配时,才报告发现项。
|
||||
|
||||
**Proximity matching:** Using the `withinLines` and `withinColumns` fields instructs the primary rule to only report a finding if the auxiliary `required` rules also find matches within the specified proximity. You can set:
|
||||
**邻近匹配(Proximity matching):** 使用 `withinLines` 和 `withinColumns` 字段会指示主规则:仅当辅助 `required` 规则也在指定邻近范围内找到匹配时,才报告发现项。你可以设置:
|
||||
|
||||
- **`withinLines: N`** - required findings must be within N lines (vertically)
|
||||
- **`withinColumns: N`** - required findings must be within N characters (horizontally)
|
||||
- **Both** - creates a rectangular search area (both constraints must be satisfied)
|
||||
- **Neither** - fragment-level matching (required findings can be anywhere in the same fragment)
|
||||
- **`withinLines: N`** - 必需发现项必须在 N 行以内(纵向)
|
||||
- **`withinColumns: N`** - 必需发现项必须在 N 个字符以内(横向)
|
||||
- **两者同时设置** - 创建矩形搜索区域(两个约束都必须满足)
|
||||
- **两者都不设置** - 片段级匹配(必需发现项可在同一片段中的任意位置)
|
||||
|
||||
Here are diagrams illustrating each proximity behavior:
|
||||
下图说明了各种邻近行为:
|
||||
|
||||
```
|
||||
p = primary captured secret
|
||||
@@ -481,12 +483,12 @@ fragment = section of data gitleaks is looking at
|
||||
└───-3C────0L───+3C┴─┘ └────────────┘
|
||||
```
|
||||
|
||||
<details><summary>Some final quick thoughts on composite rules.</summary>This is an experimental feature! It's subject to change so don't go sellin' a new B2B SaaS feature built ontop of this feature. Scan type (git vs dir) based context is interesting. I'm monitoring the situation. Composite rules might not be super useful for git scans because gitleaks only looks at additions in the git history. It could be useful to scan non-additions in git history for `required` rules. Oh, right this is a readme, I'll shut up now.</details>
|
||||
<details><summary>关于复合规则的一些最后想法。</summary>这是一项实验性功能!它可能会变更,所以别基于这项功能去卖新的 B2B SaaS 功能。基于扫描类型(git 与 dir)的上下文很有意思。我正在关注相关情况。复合规则对 git 扫描可能不是超级有用,因为 gitleaks 只查看 git 历史中的新增内容。扫描 git 历史中的非新增内容,对 `required` 规则可能有用。哦对了,这是 readme,我这就闭嘴。</details>
|
||||
|
||||
#### gitleaks:allow
|
||||
|
||||
If you are knowingly committing a test secret that gitleaks will catch you can add a `gitleaks:allow` comment to that line which will instruct gitleaks
|
||||
to ignore that secret. Ex:
|
||||
如果你明知要提交一个 gitleaks 会捕获的测试密钥,可以在该行添加 `gitleaks:allow` 注释,指示 gitleaks
|
||||
忽略该密钥。例如:
|
||||
|
||||
```
|
||||
class CustomClass:
|
||||
@@ -496,54 +498,48 @@ class CustomClass:
|
||||
|
||||
#### .gitleaksignore
|
||||
|
||||
You can ignore specific findings by creating a `.gitleaksignore` file at the root of your repo. In release v8.10.0 Gitleaks added a `Fingerprint` value to the Gitleaks report. Each leak, or finding, has a Fingerprint that uniquely identifies a secret. Add this fingerprint to the `.gitleaksignore` file to ignore that specific secret. See Gitleaks' [.gitleaksignore](https://github.com/gitleaks/gitleaks/blob/master/.gitleaksignore) for an example. Note: this feature is experimental and is subject to change in the future.
|
||||
你可以在仓库根目录创建 `.gitleaksignore` 文件来忽略特定发现项。在 v8.10.0 版本中,Gitleaks 向 Gitleaks 报告添加了 `Fingerprint` 值。每个泄露项或发现项都有一个可唯一标识密钥的 Fingerprint。将该 fingerprint 添加到 `.gitleaksignore` 文件即可忽略该特定密钥。示例见 Gitleaks 的 [.gitleaksignore](https://github.com/gitleaks/gitleaks/blob/master/.gitleaksignore)。注意:此功能为实验性功能,未来可能会变更。
|
||||
|
||||
#### Decoding
|
||||
#### 解码
|
||||
|
||||
Sometimes secrets are encoded in a way that can make them difficult to find
|
||||
with just regex. Now you can tell gitleaks to automatically find and decode
|
||||
encoded text. The flag `--max-decode-depth` enables this feature (the default
|
||||
value "0" means the feature is disabled by default).
|
||||
有时密钥会以某种编码方式存储,仅用正则表达式难以发现。
|
||||
现在你可以让 gitleaks 自动查找并解码
|
||||
编码文本。标志 `--max-decode-depth` 可启用此功能(默认值 "0" 表示默认禁用)。
|
||||
|
||||
Recursive decoding is supported since decoded text can also contain encoded
|
||||
text. The flag `--max-decode-depth` sets the recursion limit. Recursion stops
|
||||
when there are no new segments of encoded text to decode, so setting a really
|
||||
high max depth doesn't mean it will make that many passes. It will only make as
|
||||
many as it needs to decode the text. Overall, decoding only minimally increases
|
||||
scan times.
|
||||
自解码后的文本也可能包含编码
|
||||
文本以来,支持递归解码。标志 `--max-decode-depth` 设置递归深度限制。当没有新的编码文本段需要解码时,递归会停止,因此将最大深度设得很高并不意味着会进行那么多次遍历。它只会按需进行所需次数的遍历。总体而言,解码只会略微增加
|
||||
扫描时间。
|
||||
|
||||
The findings for encoded text differ from normal findings in the following
|
||||
ways:
|
||||
编码文本的发现项与普通发现项在以下
|
||||
方面有所不同:
|
||||
|
||||
- The location points the bounds of the encoded text
|
||||
- If the rule matches outside the encoded text, the bounds are adjusted to
|
||||
include that as well
|
||||
- The match and secret contain the decoded value
|
||||
- Two tags are added `decoded:<encoding>` and `decode-depth:<depth>`
|
||||
- 位置指向编码文本的边界
|
||||
- 如果规则在编码文本之外匹配,边界会相应调整以
|
||||
包含该匹配
|
||||
- match 和 secret 包含解码后的值
|
||||
- 会添加两个标签 `decoded:<encoding>` 和 `decode-depth:<depth>`
|
||||
|
||||
Currently supported encodings:
|
||||
当前支持的编码:
|
||||
|
||||
- **percent** - Any printable ASCII percent encoded values
|
||||
- **hex** - Any printable ASCII hex encoded values >= 32 characters
|
||||
- **base64** - Any printable ASCII base64 encoded values >= 16 characters
|
||||
- **percent** - 任何可打印 ASCII 的 percent 编码值
|
||||
- **hex** - 任何长度 >= 32 个字符的可打印 ASCII hex 编码值
|
||||
- **base64** - 任何长度 >= 16 个字符的可打印 ASCII base64 编码值
|
||||
|
||||
#### Archive Scanning
|
||||
#### 归档扫描
|
||||
|
||||
Sometimes secrets are packaged within archive files like zip files or tarballs,
|
||||
making them difficult to discover. Now you can tell gitleaks to automatically
|
||||
extract and scan the contents of archives. The flag `--max-archive-depth`
|
||||
enables this feature for both `dir` and `git` scan types. The default value of
|
||||
"0" means this feature is disabled by default.
|
||||
有时密钥会打包在 zip 文件或 tarball 等归档文件中,
|
||||
难以发现。现在你可以让 gitleaks 自动
|
||||
提取并扫描归档内容。标志 `--max-archive-depth`
|
||||
可为 `dir` 和 `git` 两种扫描类型启用此功能。默认值
|
||||
"0" 表示默认禁用。
|
||||
|
||||
Recursive scanning is supported since archives can also contain other archives.
|
||||
The `--max-archive-depth` flag sets the recursion limit. Recursion stops when
|
||||
there are no new archives to extract, so setting a very high max depth just
|
||||
sets the potential to go that deep. It will only go as deep as it needs to.
|
||||
由于归档中也可能包含其他归档,支持递归扫描。
|
||||
`--max-archive-depth` 标志设置递归深度限制。当没有新的归档需要提取时,递归会停止,因此将最大深度设得很高只是
|
||||
设置了可能达到该深度的上限。实际深度只会按需达到所需程度。
|
||||
|
||||
The findings for secrets located within an archive will include the path to the
|
||||
file inside the archive. Inner paths are separated with `!`.
|
||||
位于归档内的密钥发现项会包含归档内文件的路径。内部路径以 `!` 分隔。
|
||||
|
||||
Example finding (shortened for brevity):
|
||||
发现项示例(为简洁起见已缩短):
|
||||
|
||||
```
|
||||
Finding: DB_PASSWORD=8ae31cacf141669ddfb5da
|
||||
@@ -556,23 +552,22 @@ Fingerprint: 6e6ee6596d337bb656496425fb98644eb62b4a82:testdata/archives/nested.t
|
||||
Link: https://github.com/leaktk/gitleaks/blob/6e6ee6596d337bb656496425fb98644eb62b4a82/testdata/archives/nested.tar.gz
|
||||
```
|
||||
|
||||
This means a secret was detected on line 4 of `files/.env.prod.` which is in
|
||||
`archives/files.tar` which is in `testdata/archives/nested.tar.gz`.
|
||||
这表示在 `files/.env.prod.` 的第 4 行检测到密钥,该文件位于
|
||||
`archives/files.tar`,而它又位于 `testdata/archives/nested.tar.gz` 中。
|
||||
|
||||
Currently supported formats:
|
||||
当前支持的格式:
|
||||
|
||||
The [compression](https://github.com/mholt/archives?tab=readme-ov-file#supported-compression-formats)
|
||||
and [archive](https://github.com/mholt/archives?tab=readme-ov-file#supported-archive-formats)
|
||||
formats supported by mholt's [archives package](https://github.com/mholt/archives)
|
||||
are supported.
|
||||
支持 mholt 的 [archives package](https://github.com/mholt/archives) 所支持的 [compression](https://github.com/mholt/archives?tab=readme-ov-file#supported-compression-formats)
|
||||
和 [archive](https://github.com/mholt/archives?tab=readme-ov-file#supported-archive-formats)
|
||||
格式。
|
||||
|
||||
#### Reporting
|
||||
#### 报告
|
||||
|
||||
Gitleaks has built-in support for several report formats: [`json`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/json_simple.json), [`csv`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/csv_simple.csv?plain=1), [`junit`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/junit_simple.xml), and [`sarif`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/sarif_simple.sarif).
|
||||
Gitleaks 内置支持多种报告格式:[`json`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/json_simple.json), [`csv`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/csv_simple.csv?plain=1), [`junit`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/junit_simple.xml), 和 [`sarif`](https://github.com/gitleaks/gitleaks/blob/master/testdata/expected/report/sarif_simple.sarif).
|
||||
|
||||
If none of these formats fit your need, you can create your own report format with a [Go `text/template` .tmpl file](https://www.digitalocean.com/community/tutorials/how-to-use-templates-in-go#step-4-writing-a-template) and the `--report-template` flag. The template can use [extended functionality from the `Masterminds/sprig` template library](https://masterminds.github.io/sprig/).
|
||||
如果这些格式都不符合你的需求,你可以使用 [Go `text/template` .tmpl 文件](https://www.digitalocean.com/community/tutorials/how-to-use-templates-in-go#step-4-writing-a-template) 和 `--report-template` 标志创建自己的报告格式。该模板可以使用 [`Masterminds/sprig` 模板库提供的扩展功能](https://masterminds.github.io/sprig/).
|
||||
|
||||
For example, the following template provides a custom JSON output:
|
||||
例如,以下模板可提供自定义 JSON 输出:
|
||||
```gotemplate
|
||||
# jsonextra.tmpl
|
||||
[{{ $lastFinding := (sub (len . ) 1) }}
|
||||
@@ -602,12 +597,12 @@ For example, the following template provides a custom JSON output:
|
||||
]
|
||||
```
|
||||
|
||||
Usage:
|
||||
用法:
|
||||
```sh
|
||||
$ gitleaks dir ~/leaky-repo/ --report-path "report.json" --report-format template --report-template testdata/report/jsonextra.tmpl
|
||||
```
|
||||
|
||||
## Sponsorships
|
||||
## 赞助
|
||||
|
||||
<p align="left">
|
||||
<h3><a href="https://coderabbit.ai/?utm_source=oss&utm_medium=sponsorship&utm_campaign=gitleaks">coderabbit.ai</h3>
|
||||
@@ -617,9 +612,9 @@ $ gitleaks dir ~/leaky-repo/ --report-path "report.json" --report-format templat
|
||||
</p>
|
||||
|
||||
|
||||
## Exit Codes
|
||||
## 退出码
|
||||
|
||||
You can always set the exit code when leaks are encountered with the --exit-code flag. Default exit codes below:
|
||||
遇到泄漏时,你始终可以使用 --exit-code 标志设置退出码。默认退出码如下:
|
||||
|
||||
```
|
||||
0 - no leaks present
|
||||
@@ -627,4 +622,4 @@ You can always set the exit code when leaks are encountered with the --exit-code
|
||||
126 - unknown flag
|
||||
```
|
||||
|
||||
### Join the Discord! [](https://discord.gg/8Hzbrnkr7E)
|
||||
### 加入 Discord](https://discord.gg/8Hzbrnkr7E)
|
||||
|
||||
Reference in New Issue
Block a user