security_gitleaks_scan
Scan directories for exposed secrets and credentials to identify security vulnerabilities before deployment.
Instructions
Scan a directory for leaked secrets and credentials using Gitleaks
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| directory | No | Directory to scan (default: current directory) | `.` |
Implementation Reference
- src/tools/security/gitleaks_scan.ts:7-41 (handler): the core logic function executing the gitleaks scan command.

```typescript
import { execFile } from "node:child_process";
import { promisify } from "node:util";
// formatTable is the project's own helper that renders headers and rows as a text table;
// it is defined elsewhere in the repository and imported by the real file.

// Promise-based wrapper around execFile (assumed to be built this way in the project).
const execFileAsync = promisify(execFile);

export async function gitleaksScan(args: Record<string, unknown>): Promise<string> {
  const directory = (args.directory as string) || ".";
  try {
    // execFile spawns gitleaks directly, without a shell, so `directory` is passed as a
    // single argv entry. `--exit-code 0` stops gitleaks from using a non-zero exit status
    // to signal findings, so stdout is always available for parsing.
    const { stdout } = await execFileAsync(
      "gitleaks",
      ["detect", "--source", directory, "--report-format", "json", "--no-banner", "--exit-code", "0"],
      { timeout: 60000 }
    );
    const findings = JSON.parse(stdout || "[]");
    if (findings.length === 0) {
      return `Gitleaks scan: No secrets found in '${directory}'.`;
    }
    const headers = ["RULE", "FILE", "LINE", "MATCH"];
    // Report at most 20 findings and truncate each match so the full secret is not echoed back.
    const rows = findings.slice(0, 20).map((f: any) => [
      f.RuleID || "",
      f.File || "",
      String(f.StartLine || ""),
      (f.Match || "").substring(0, 30) + "***",
    ]);
    const result = `Gitleaks scan results for '${directory}':\n\n${formatTable(headers, rows)}`;
    if (findings.length > 20) {
      return result + `\n\n... and ${findings.length - 20} more findings`;
    }
    return result;
  } catch (error: any) {
    // ENOENT from execFile means the gitleaks binary itself was not found on PATH.
    if (error.code === "ENOENT") {
      throw new Error("Gitleaks is not installed. Install it from https://github.com/gitleaks/gitleaks");
    }
    throw new Error(`Gitleaks scan failed: ${error.stderr || error.message}`);
  }
}
```

- src/tools/security/index.ts:19-28 (schema): tool definition and input schema for security_gitleaks_scan.

```typescript
// One entry of the tools array exported by src/tools/security/index.ts.
{
  name: "security_gitleaks_scan",
  description: "Scan a directory for leaked secrets and credentials using Gitleaks",
  inputSchema: {
    type: "object" as const,
    properties: {
      directory: { type: "string", description: "Directory to scan (default: current directory)" },
    },
  },
},
```

- src/tools/security/index.ts:49-49 (registration): tool registration/routing to the handler.

```typescript
// One arm of the dispatch switch that routes a tool name to its handler.
case "security_gitleaks_scan": return gitleaksScan(a);
```
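The handler above forwards whatever `directory` the caller supplies straight to gitleaks and echoes the first 30 characters of each match. The following is an added example, not code from the project: it confines the requested directory to an allowed root before it is handed to the scanner, and it summarizes a gitleaks JSON report offline while keeping only a 4-character prefix of each match. `resolveScanDirectory`, `summarizeFindings`, `maskMatch`, `GitleaksFinding` and `SAMPLE_REPORT` are names chosen here; the finding fields `RuleID`, `File`, `StartLine` and `Match` are the ones the handler reads, `Secret` is another field gitleaks emits, and the sample values are constructed.

```typescript
import * as path from "node:path";

// Shape of one entry in a gitleaks JSON report (only the fields used here; others omitted).
export interface GitleaksFinding {
  RuleID: string;
  File: string;
  StartLine: number;
  Match: string;
  Secret?: string;
}

// Resolve the caller-supplied directory against an allowed root and refuse anything that
// escapes it ("../x" or an absolute path). Returns the absolute path to scan.
export function resolveScanDirectory(root: string, requested: string | undefined): string {
  const absRoot = path.resolve(root);
  const target = path.resolve(absRoot, requested || ".");
  const rel = path.relative(absRoot, target);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`Refusing to scan outside of ${absRoot}: ${requested}`);
  }
  return target;
}

// Keep a short prefix (enough to recognise the credential type) and replace the rest with
// asterisks, capped so the output length does not reveal the secret's length.
export function maskMatch(match: string, visible = 4): string {
  if (match.length <= visible) return "*".repeat(match.length);
  return match.slice(0, visible) + "*".repeat(Math.min(match.length - visible, 12));
}

// Parse a gitleaks JSON report and build table rows, returning at most `limit` rows and
// the number of findings left out. An empty stdout is treated as "no findings".
export function summarizeFindings(
  reportJson: string,
  limit = 20
): { rows: string[][]; omitted: number } {
  const findings = JSON.parse(reportJson || "[]") as GitleaksFinding[];
  const rows = findings.slice(0, limit).map((f) => [
    f.RuleID ?? "",
    f.File ?? "",
    String(f.StartLine ?? ""),
    maskMatch(f.Match ?? ""),
  ]);
  return { rows, omitted: Math.max(0, findings.length - limit) };
}

// Constructed sample report in the shape gitleaks writes; the values are made up for this example.
export const SAMPLE_REPORT = JSON.stringify([
  {
    RuleID: "aws-access-key-id",
    File: "config/prod.env",
    StartLine: 12,
    Match: "AKIAFAKEKEYFORDOCS000",
    Secret: "AKIAFAKEKEYFORDOCS000",
  },
  {
    RuleID: "generic-api-key",
    File: "src/client.ts",
    StartLine: 40,
    Match: 'api_key = "abcd1234efgh5678"',
    Secret: "abcd1234efgh5678",
  },
]);

// Usage: resolve the directory first, run gitleaks on the result as the handler does,
// then pass its stdout to summarizeFindings. Shown here on the constructed report only.
const scanDir = resolveScanDirectory("/srv/repos", "app");
const summary = summarizeFindings(SAMPLE_REPORT, 20);
console.log(scanDir, summary.rows, `omitted: ${summary.omitted}`);
```

The root would typically be the workspace the tool server is allowed to read, so a caller cannot point the scanner at arbitrary locations on the host; the summary keeps the rule, file and line, which is what a reviewer needs to locate and rotate the credential, without reproducing most of the secret in the tool output.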