
Bump zricethezav/gitleaks-action from 1 to 2#5

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/zricethezav/gitleaks-action-2

Conversation


@dependabot dependabot bot commented on behalf of github Feb 21, 2026

Bumps zricethezav/gitleaks-action from 1 to 2.

Release notes

Sourced from zricethezav/gitleaks-action's releases.

v2.0.0

What's Changed

Gitleaks-Action Version 2 brings a range of new features including:

1. On demand scans

You can now use workflow_dispatch events to trigger on demand gitleaks scans.

2. Gitleaks report artifact uploads

Not much more to say here. Download reports when leaks are present. Pretty useful feature.

3. Powered by the latest version of Gitleaks

The latest version of gitleaks (v8.8.6 at the time of writing) has better performance, more configuration options, and is more accurate than the previous major version.

4. Job summaries

Easy to understand report of a Gitleaks job. If no leaks are detected you'll see:

If leaks are detected you'll see something like:

5. Faster job times

Gitleaks-Action Version 2 does not rely on Docker build anymore.

6. Pull Request Comments

If a leak is encountered during a pull request, gitleaks-action will comment on the line number and commit containing the secret.

What's fixed

  • Older versions of the gitleaks-action relied on using git log to determine the range of commits. Version 2 of gitleaks-action ensures that only relevant commits are scanned by leveraging Action context and GitHub's API.

Getting started with Version 2

Getting a License-Key (ONLY FOR ORGANIZATION REPOS, USER ACCOUNTS DO NOT NEED A LICENSE KEY)

Before enabling Gitleaks-Action Version 2, you will need to obtain a gitleaks-action license key from gitleaks.io if you are using gitleaks within the context of an organization. If you are using gitleaks-action on a user account's repo, you do not need a license key. You can sign up for a free license key that will grant you access to use gitleaks-action on one repo. The free tier sign up link will take you to a Google Forms page where you can fill out your information. After filling out your information, you should receive an email similar to the one below.

NOTE: be patient with the free tier, the Google Forms API can be slow.

NOTE: 1 free license per account.

... (truncated)

Commits
  • ff98106 Merge pull request #181 from gitleaks/bump-cache-version
  • 3362625 bump cache
  • f586c14 Merge pull request #178 from gitleaks/4-16-update
  • b96e8de Merge pull request #113 from paulschuberth/master
  • 019a6bc bump default gitleaks version, update license filename, fix vulns
  • 0a13e64 rebase onto upstream
  • 0c98655 Add env variable to override baseRef
  • 83373cf update
  • 3de39ed disable keygen check
  • dea2b73 Merge pull request #165 from HannesOberreiter/patch-1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [zricethezav/gitleaks-action](https://github.com/zricethezav/gitleaks-action) from 1 to 2.
- [Release notes](https://github.com/zricethezav/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@v1...v2)

---
updated-dependencies:
- dependency-name: zricethezav/gitleaks-action
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 21, 2026
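As an added illustration, not code from this PR or from the gitleaks-action project: a minimal workflow that wires up the v2 action with both the pull_request trigger (so the PR-comment feature from the release notes applies) and the workflow_dispatch trigger for the on-demand scans the notes describe. The env names GITHUB_TOKEN and GITLEAKS_LICENSE, and the full-history checkout, are assumed from the action's own README rather than from this page; the license secret is only needed for organization repos, as the notes state.

```yaml
# Added example workflow (not part of the PR). Secret and env names are
# assumed from the gitleaks-action README, not from this Dependabot page.
name: gitleaks

on:
  pull_request:          # scan PR commits; v2 comments on leaked lines
  push:
    branches: [main]
  workflow_dispatch:     # on-demand scan, new in gitleaks-action v2

permissions:
  contents: read
  pull-requests: write   # needed for the PR comment feature

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history so the commit range can be scanned

      # The dependency this PR bumps: v1 -> v2 (v2 no longer does a Docker build)
      - uses: zricethezav/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Only required for organization repos; omit on user-account repos.
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
```

Store the license key as a repository or organization secret rather than in the workflow file itself; the job summary and report artifact described in the release notes appear under the run without further configuration.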