Skip to content

Scan

pipeleek circle scan

Scan CircleCI logs and artifacts

Synopsis

Scan CircleCI pipelines, workflows, jobs, logs, test results, and optional artifacts for secrets.

1
pipeleek circle scan [flags]

Examples

1
2
3
4
5
6
7
8
# Scan explicit project(s)
pipeleek circle scan --token <token> --project org/repo

# Restrict by branch and statuses
pipeleek circle scan --token <token> --project org/repo --branch main --status success --status failed

# Include artifacts and tests with time window
pipeleek circle scan --token <token> --project org/repo --artifacts --since 2026-01-01T00:00:00Z --until 2026-01-31T23:59:59Z

Options

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
  -a, --artifacts                  Scan artifacts
  -b, --branch string              Filter pipelines by branch
  -c, --circle string              CircleCI base URL (default "https://circleci.com")
      --confidence strings         Filter for confidence level, separate by comma if multiple. See readme for more info.
  -h, --help                       help for scan
      --hit-timeout duration       Maximum time to wait for hit detection per scan item (e.g., 30s, 2m, 1h) (default 1m0s)
      --insights                   Scan CircleCI workflow insights endpoints (default true)
      --job strings                Filter by job name
      --max-artifact-size string   Maximum artifact size to scan. Larger files are skipped. Format: https://pkg.go.dev/github.com/docker/go-units#FromHumanSize (default "500Mb")
      --max-pipelines int          Maximum number of pipelines to scan per project (0 = no limit)
      --org string                 CircleCI organization slug (used to filter projects)
  -p, --project strings            Project selector. Format: org/repo or vcs/org/repo
      --since string               Include items created after this RFC3339 timestamp
      --status strings             Filter by pipeline/workflow/job status
      --tests                      Scan CircleCI test results per job (default true)
      --threads int                Number of concurrent threads for scanning (default 4)
  -t, --token string               CircleCI API token
      --truffle-hog-verification   Enable TruffleHog credential verification to actively test found credentials and only report verified ones (enabled by default, disable with --truffle-hog-verification=false) (default true)
      --until string               Include items created before this RFC3339 timestamp
      --vcs string                 VCS provider for project selectors without prefix (github or bitbucket) (default "github")
      --workflow strings           Filter by workflow name

Options inherited from parent commands

1
2
3
4
5
6
7
      --color              Enable colored log output (auto-disabled when using --logfile) (default true)
      --config string      Config file path. Example: ~/.config/pipeleek/pipeleek.yaml
      --ignore-proxy       Ignore HTTP_PROXY environment variable
      --json               Use JSON as log output format
      --log-level string   Set log level globally (debug, info, warn, error). Example: --log-level=warn
  -l, --logfile string     Log output to a file
  -v, --verbose            Enable debug logging (shortcut for --log-level=debug)

SEE ALSO