add gitleaks scan for CI/CD

.gitlab-ci.yml

@@ -0,0 +1,17 @@
+---
+gitleaks_scan:
+  image: 
+    name: zricethezav/gitleaks:latest
+    entrypoint: [""]
+  stage: test
+  tags: [gitleaks, scan]
+  script:
+    - gitleaks detect --source=. --config=gitleaks.toml --report-format=json --report-path=gitleaks-report.json
+  allow_failure: false
+  only: [main, testing, merge_requests]
+
+  artifacts:
+    when: always
+    paths:
+      - gitleaks-report.json
+    expire_in: 1 week

gitleaks.toml

@@ -0,0 +1,25 @@
+title = "Gitleaks Docker Compose CI/CD Config"
+
+[[rules]]
+id = "docker-env-password"
+description = "Possible password in docker-compose environment"
+regex = '''(?i)([A-Z0-9_]*(PASSWORD|PASS|PWD))[=:]\s*['"]?[A-Za-z0-9!@#$%^&*()_+={}\[\]:;,.<>?~-]{6,}['"]?'''
+tags = ["docker", "compose", "password", "env"]
+
+[[rules]]
+id = "docker-env-secret"
+description = "Generic secret or token in docker-compose environment"
+regex = '''(?i)(SECRET|TOKEN|API[_-]?KEY)[=:]\s*['"]?[A-Za-z0-9_\-]{16,}['"]?'''
+tags = ["docker", "compose", "secret", "env"]
+
+[[rules]]
+id = "aws-credentials"
+description = "AWS Access Key or Secret"
+regex = '''(AKIA[0-9A-Z]{16}|(?i)aws[_-]secret[_-]access[_-]key\s*[:=]\s*[A-Za-z0-9/+=]{40})'''
+tags = ["aws", "compose", "credentials"]
+
+[[rules]]
+id = "private-key"
+description = "Private key detected"
+regex = '''-----BEGIN( RSA| EC| DSA)? PRIVATE KEY-----'''
+tags = ["key", "pem", "compose"]