Skip to content

CCM-18514: Gitleaks Config Improvements#118

Merged
jamesthompson26-nhs merged 1 commit into
mainfrom
feature/CCM-18514_Gitleaks_Config_Improvements
Jul 9, 2026
Merged

CCM-18514: Gitleaks Config Improvements#118
jamesthompson26-nhs merged 1 commit into
mainfrom
feature/CCM-18514_Gitleaks_Config_Improvements

Conversation

@jamesthompson26-nhs

Copy link
Copy Markdown

Description

Switches pre-commit gitleaks to run against staged changes ONLY. This was preventing gitleaks checking the local staged changes which is what pre-commit is meant to be checking. CI will still check the whole history in case of history re-writes or naughty people who don't have pre-commit configured.

Updates the shared module tag for pre-commit and all shared actions to use the latest tag (all apart from scan-dependencies) to include more verbose guidance and KOP signposting for dealing with gitleaks.

Also brings the .gitleaksignore and gitleaks.toml into CODEOWNERS so platform must review.

Context

These changes back this new KOP for handling Gitleaks findings:
https://nhsd-confluence.digital.nhs.uk/spaces/RIS/pages/1429674058/PLAT-KOP-020+-+Handling+and+Safely+Ignoring+Gitleaks+False+Positives

This aims to avoid the issues we've seen lately with devs being blocked by other people's work in unmerged branches which should have been caught by pre-commit BEFORE getting into the repo history.

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@jamesthompson26-nhs jamesthompson26-nhs merged commit 8368ba1 into main Jul 9, 2026
47 checks passed
@jamesthompson26-nhs jamesthompson26-nhs deleted the feature/CCM-18514_Gitleaks_Config_Improvements branch July 9, 2026 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants