---
gitleaks_scan:
  image:
    name: zricethezav/gitleaks:latest
    entrypoint: [""]
  pull_policy: if-not-present
  stage: test
  tags: [gitleaks, scan]
  script:
    - gitleaks detect --source=. --config=gitleaks.toml --report-format=json --report-path=gitleaks-report.json
  allow_failure: false
  only: [main, testing, merge_requests]
  artifacts:
    when: always
    paths: [gitleaks-report.json]
    expire_in: 1 week