Skip to content

feat(materials): add gitleaks json material type support #2693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Piskoo merged 7 commits into from
Jan 30, 2026
Merged

feat(materials): add gitleaks json material type support #2693

Piskoo merged 7 commits into from
Jan 30, 2026
+519 −23

Conversation

@Piskoo
Copy link
Collaborator

@Piskoo Piskoo commented Jan 29, 2026
edited
Loading

Summary

This PR adds a new GITLEAKS_JSON material type. JSON report returned by gitleaks is an array of objects, for validation we unmarshal each finding and then check for fingerprint field

Closes #2694

@Piskoo
add gitleaks report material type
8c66dc7 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo changed the title feat(attestation-material): add gitleaks material type feat(attestation-material): add gitleaks report material type Jan 30, 2026
migmartri
migmartri reviewed Jan 30, 2026
View reviewed changes
pkg/attestation/crafter/materials/gitleaks.go
}

var findings []GitleaksFinding
if err = json.Unmarshal(data, &findings); err != nil {
Copy link
Member

@migmartri migmartri Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what kind of validation are we making here to make sure it's a gitleaks report?

Do we check the tool? Does the json output have any openAPI spec published? I believe we make spec validations in some of those materials.

Copy link
Collaborator Author

@Piskoo Piskoo Jan 30, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't check the tool, the report is returned as an json array [{},{}] there's no tool information attached. There's no offical schema published. I decided to do validation similar to GHAS_SECRET_SCAN where we unmarshal and then check for a required field

migmartri
migmartri reviewed Jan 30, 2026
View reviewed changes
Piskoo added 2 commits January 30, 2026 10:26
@Piskoo
rename material and update validation
fa92808 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo
resolve conflicts
c57c8c2
@Piskoo Piskoo changed the title feat(attestation-material): add gitleaks report material type feat(materials): add gitleaks json material type support Jan 30, 2026
Piskoo added 2 commits January 30, 2026 10:48
@Piskoo
lint
3f3332d 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo
fix tests
68c06cb 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo marked this pull request as ready for review January 30, 2026 09:59
javirln
javirln previously approved these changes Jan 30, 2026
View reviewed changes
@Piskoo
update logger msg; use lower case for tool name
ce5f85e 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo requested a review from javirln January 30, 2026 11:14
@Piskoo
fix tests
bd89840 
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo merged commit 79aed1e into chainloop-dev:main Jan 30, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@javirln javirln javirln approved these changes

@migmartri migmartri Awaiting requested review from migmartri

@jiparis jiparis Awaiting requested review from jiparis

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for gitleaks secrets scanning reports

3 participants

@Piskoo @migmartri @javirln