pipeleek gl snippets scan

Scan GitLab snippets for secrets

Synopsis

Scan snippet contents for secrets.

By default, all snippets visible to the provided token are scanned, including public ones. Use --repo to limit to a single repository or --namespace to scan repositories in a namespace.

pipeleek gl snippets scan [flags]

Examples

# Scan all snippets visible to the token
pipeleek gl snippets scan --token glpat-xxxxxxxxxxx --url https://gitlab.example.com

# Scan snippets for one repository
pipeleek gl snippets scan --token glpat-xxxxxxxxxxx --url https://gitlab.example.com --repo mygroup/myproject

# Scan snippets of repositories in a namespace
pipeleek gl snippets scan --token glpat-xxxxxxxxxxx --url https://gitlab.example.com --namespace mygroup

Options

      --confidence strings         Filter for confidence level, separate by comma if multiple. See readme for more info.
  -h, --help                       help for scan
      --hit-timeout duration       Maximum time to wait for hit detection per scan item (e.g., 30s, 2m, 1h) (default 1m0s)
  -m, --member                     Scan projects the user is member of
  -n, --namespace string           Namespace to scan (all namespace repositories and subgroup repositories)
  -o, --owned                      Scan only user owned repositories
  -r, --repo string                Single repository to scan, format: namespace/repo
  -s, --search string              Query string for searching repositories
      --threads int                Number of concurrent threads for scanning (default 4)
      --truffle-hog-verification   Enable TruffleHog credential verification to actively test found credentials and only report verified ones (enabled by default, disable with --truffle-hog-verification=false) (default true)

Options inherited from parent commands

      --color              Enable colored log output (auto-disabled when using --logfile) (default true)
      --config string      Config file path. Example: ~/.config/pipeleek/pipeleek.yaml
      --ignore-proxy       Ignore HTTP_PROXY environment variable
      --json               Use JSON as log output format
      --log-level string   Set log level globally (debug, info, warn, error). Example: --log-level=warn
  -l, --logfile string     Log output to a file
  -t, --token string       GitLab API Token
  -u, --url string         GitLab instance URL
  -v, --verbose            Enable debug logging (shortcut for --log-level=debug)

SEE ALSO