📢 Announcement
6/13/2022
On June 2, 2022, we released Gitleaks Action v2. There are a boatload of improvements in v2, but it also represents a breaking change from the prior version (v1.6.0). We haven't merged v2 to the `master` branch yet because we noticed that many users of Gitleaks Action don't pin their version. If you are using `zricethezav/gitleaks-action@master` (or now `gitleaks/gitleaks-action@master`), then as soon as we merge v2 to master, your jobs will start failing.
We are planning to complete the merge on June 20, 2022. We recommend updating your .yml files to use v2 now so you aren't scrambling to do it after your gitleaks-action jobs start failing. As an alternative, you can pin your version to v1.6.0 for now, if you aren't ready to upgrade at the moment.
How to upgrade to v2
For full details, see the v2 README here: https://github.com/gitleaks/gitleaks-action/tree/v2. Here is the quick list of changes to your .yml:
- Change the "uses" line to `- uses: gitleaks/gitleaks-action@v2`
- Add an `env:` section with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
- If you are scanning repos that belong to an organization, you'll also have to acquire a GITLEAKS_LICENSE, add the license to your GitHub Secrets, and add this line to the `env:` section: `GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}`
How to pin to v1.6.0
- Change your "uses" line to `gitleaks/gitleaks-action@v1.6.0`
- Set a reminder to upgrade to v2 later.
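To find which workflow files are affected before the merge, the checks in the two lists above can be scripted. The following is an added example, not code from the Gitleaks project: `audit_workflow` and its helpers are hypothetical names, the scan is line-based rather than a full YAML parse, and it assumes two-space list indentation.

```python
import re

# "uses:" line for either repository name mentioned in the announcement.
USES = re.compile(r"^(\s*)(-\s+)?uses:\s*['\"]?"
                  r"(?:zricethezav|gitleaks)/gitleaks-action@([^\s'\"#]+)")
VERDICTS = {"master": "unpinned: will fail once v2 is merged to master",
            "v1.6.0": "pinned to v1.6.0: upgrade to v2 later"}

def _indent(s):
    return len(s) - len(s.lstrip())

def _step_block(lines, i, item_indent):
    """Text of the step containing line i: the "- " item plus its deeper-indented keys."""
    start, end = i, i + 1
    while start > 0 and (not lines[start].strip() or _indent(lines[start]) > item_indent):
        start -= 1
    while end < len(lines) and (not lines[end].strip() or _indent(lines[end]) > item_indent):
        end += 1
    return "\n".join(lines[start:end])

def audit_workflow(text, org_repo=False):
    """Return [(line_no, ref, verdict)] for every gitleaks-action step in a workflow."""
    lines, findings = text.splitlines(), []
    required = ["GITHUB_TOKEN"] + (["GITLEAKS_LICENSE"] if org_repo else [])
    for i, line in enumerate(lines):
        m = USES.match(line)
        if not m:
            continue
        ref, verdict = m.group(3), VERDICTS.get(m.group(3), "other ref: review manually")
        if ref == "v2":
            # Assumption: two-space list style when "uses:" is not the step's first key.
            item_indent = len(m.group(1)) - (0 if m.group(2) else 2)
            block = _step_block(lines, i, item_indent)
            missing = [k for k in required
                       if not re.search(rf"^\s*{k}\s*:", block, re.M)]
            verdict = "v2: missing env " + ", ".join(missing) if missing else "v2: ok"
        findings.append((i + 1, ref, verdict))
    return findings

# Constructed sample workflow fragment (not taken from any real repository).
SAMPLE = """\
steps:
  - uses: zricethezav/gitleaks-action@master
  - uses: gitleaks/gitleaks-action@v2
  - name: gitleaks
    uses: gitleaks/gitleaks-action@v2
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""
```

Pass `org_repo=True` for repositories that belong to an organization so that a missing `GITLEAKS_LICENSE` entry is reported as well.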