scan_git_history
Scan the full git history to uncover leaked secrets and credentials (e.g., API keys, passwords) that were committed in the past and may still be valid, using Gitleaks detection.
Instructions
Scan the entire git history for leaked secrets and credentials using Gitleaks.
Traditional SAST only scans the current state of files. This tool deeply
analyzes the .git directory to find API keys, passwords, and tokens
that were committed in the past but may still be valid.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target_path | No | Path to the repository root (must contain a .git directory). | . |
| min_severity | No | Minimum severity threshold (defaults to LOW). | LOW |
| output_format | No | 'markdown' (human-readable, default) or 'json' (machine-readable list of findings for agents / CI). | markdown |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |