Gitleaks scans Git repositories for hardcoded secrets using a comprehensive set of detection rules covering API keys, passwords, tokens, private keys, and other sensitive credentials across dozens of service providers. Unlike simple regex scanners, Gitleaks understands Git history and can scan every commit to find secrets that were committed and later removed but remain in the repository history where attackers can find them.
The tool integrates into development workflows at multiple points: as a pre-commit hook that prevents secrets from being committed locally, as a CI/CD pipeline step that blocks merges containing credentials, or as a scheduled scan that audits existing repositories. Configuration via a TOML file allows teams to define custom rules, allowlists for false positives, and path exclusions for generated files.
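As an added illustration (not taken from the Gitleaks project's own documentation), the following `gitleaks.toml` extends the built-in rule set with one hypothetical custom rule, a rule-level allowlist for a documented placeholder value, and a global allowlist that excludes generated files; the `xc_` token prefix, the rule id and the path patterns are assumptions for this example:

```toml
title = "Team Gitleaks configuration (example)"

[extend]
# Keep the default detection rules and layer the custom rule below on top.
useDefault = true

[[rules]]
id = "example-corp-internal-token"          # hypothetical rule id
description = "Example Corp internal service token"
# Assumed token format: literal prefix "xc_" followed by 40 hex characters.
regex = '''\bxc_[0-9a-f]{40}\b'''
# Keywords let Gitleaks skip files that cannot contain the pattern.
keywords = ["xc_"]
# Require some randomness so repeated or padded strings are not reported.
entropy = 3.0

[rules.allowlist]
# The all-zero token is the placeholder shown in the README; never a real secret.
regexes = ['''xc_0{40}''']

[allowlist]
description = "Global allowlist for generated and vendored content"
paths = [
  '''(^|/)package-lock\.json$''',
  '''(^|/)yarn\.lock$''',
  '''(^|/)vendor/''',
  '''\.min\.js$''',
]
# Findings whose matched text contains one of these words are dropped.
stopwords = ["example", "placeholder"]
```

Run with `gitleaks detect --config gitleaks.toml` against a repository (or `gitleaks protect --staged --config gitleaks.toml` from a pre-commit hook); tighten a rule-level allowlist rather than the global one whenever a false positive is specific to a single rule, so the exclusion does not silence other detectors.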
With over 16,000 GitHub stars, Gitleaks is one of the most widely adopted secret detection tools in the developer security ecosystem. It is frequently paired with AI-driven triage tools to prioritize findings by risk level. The tool is completely free and open-source, written in Go for cross-platform performance, and regularly updated with new detection patterns for emerging cloud services and API providers.