Summary
Secret scanning currently runs in a local lefthook pre-commit hook via gitleaks. Add a GitHub Actions check so pull requests and pushes are also protected even if local hooks are skipped.
Expected behavior
- run gitleaks in CI
- fail the workflow when leaks are detected
- keep the setup simple and reproducible
Motivation
Local hooks are helpful, but CI should provide repository-side enforcement too.
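
A minimal workflow matching the expected behavior above. This is an added example, not this repository's own configuration. It assumes the file lives at `.github/workflows/gitleaks.yml` and uses the `gitleaks/gitleaks-action` action rather than whatever gitleaks invocation the lefthook hook uses.

```yaml
# .github/workflows/gitleaks.yml  (assumed path and workflow name)
name: gitleaks

# Run on every pull request and every push, so commits made with
# `git commit --no-verify` or without lefthook installed are still scanned.
on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history: the action scans the commit range of the push or
          # pull request, which a shallow clone would not contain.
          fetch-depth: 0

      # The step exits non-zero when gitleaks reports a finding,
      # which fails the job and the check on the pull request.
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Needed only when the repository belongs to an organization.
          # GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
```

Marking the `scan` job as a required status check in branch protection is what turns the failing workflow into repository-side enforcement.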