SKILL·CF705D

secrets-gitleaks

rohunj
Updated 1 month ago
10 views
230
39
230
View on GitHub
Othersecretsgitleakssecret-scanningdevsecopsci-cdcredentialsapi-keyscompliance

About

This Claude Skill detects hardcoded secrets like API keys and credentials in git repositories using Gitleaks. It scans code via regex and entropy analysis for pre-commit hooks, CI/CD integration, and compliance audits. Use it to prevent secret leakage and remediate exposures in both new commits and git history.

Quick Install

Claude Code

Recommended
Primary
npx skills add rohunj/claude-build-workflow -a claude-code
Plugin CommandAlternative
/plugin add https://github.com/rohunj/claude-build-workflow
Git CloneAlternative
git clone https://github.com/rohunj/claude-build-workflow.git ~/.claude/skills/secrets-gitleaks

Copy and paste this command in Claude Code to install this skill

GitHub Repository

rohunj/claude-build-workflow
Path: skills/security/secrets-gitleaks
0
FAQ

Frequently asked questions

What is the secrets-gitleaks skill?

secrets-gitleaks is a Claude Skill by rohunj. Skills package instructions and resources that Claude loads on demand, so Claude can perform secrets-gitleaks-related tasks without extra prompting.

How do I install secrets-gitleaks?

Use the install commands on this page: add secrets-gitleaks to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.

What category does secrets-gitleaks belong to?

secrets-gitleaks is in the devsecops category, tagged secrets, gitleaks, secret-scanning, devsecops, ci-cd and credentials.

Is secrets-gitleaks free to use?

Yes. secrets-gitleaks is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.

Related Skills

container-hadolint
Other

This Claude Skill performs automated Dockerfile security linting using Hadolint, checking for misconfigurations, hardcoded secrets, and violations of the CIS Docker Benchmark. It's designed to integrate shift-left security into CI/CD pipelines and developer workflows. Use it to enforce container best practices and get remediation guidance directly within your development process.

View skill
container-grype
Other

This skill scans container images and filesystems for vulnerabilities using Grype, integrating CVSS, EPSS, and CISA KEV data for risk prioritization. It's designed for CI/CD pipeline integration, SBOM analysis, and generating security reports in formats like JSON and SARIF. Use it to implement automated vulnerability scanning and threshold-based security gating in your development workflow.

View skill
sca-trivy
Other

The `sca-trivy` skill performs comprehensive security scanning using Aqua Trivy, identifying vulnerabilities in container images, dependencies across multiple languages, and Infrastructure-as-Code configurations. It integrates into CI/CD pipelines, outputs results in SARIF format, and can generate SBOMs. Use it to automate vulnerability detection and prioritize fixes by CVSS score within your development workflow.

View skill
iac-checkov
Other

This skill performs automated security and compliance scanning for Infrastructure as Code files using Checkov. It detects misconfigurations, hardcoded secrets, and validates against major compliance benchmarks across Terraform, Kubernetes, and other IaC formats. Use it to integrate policy-as-code security checks directly into your development or CI/CD pipelines.

View skill