DevSecOps practices are important for organizations, especially when it comes to code repositories. Your code should avoid hard-coded passwords and secrets for many reasons, the most obvious being that they may leak. In this guide I will examine how you can scan Azure DevOps repositories at scale for leaked passwords and secrets with the gitleaks utility.
https://github.com/gitleaks/gitleaks
Simon has provided a very useful script that you can use in order to download all your repositories from Azure DevOps.
Cloning all repositories from Azure DevOps using Azure CLI – Simon Wahlin
When you execute the script, all the repositories will be downloaded inside your project folder.
Then you will need to install gitleaks and execute it for each repository.
$folder_for_cleanup = "C:\Users\geralexgr\Documents\AzureRepos"
Get-ChildItem $folder_for_cleanup -Directory | Sort -Property FullName | ForEach-Object {
    # scan one cloned repository and append the verbose findings to the results file
    gitleaks detect -s $_.FullName -v >> gitleaks-results.txt
    # separator line between repositories
    echo "######################################################################################################" >> gitleaks-results.txt
}
The scan will go through each repository and look for leaks. The output will be stored in the gitleaks-results.txt text file.
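A plain text file is hard to triage once you have dozens of repositories. The following added example (my own, not from the original post or from the gitleaks project) runs the same per-repository scan but writes one JSON report per repository, redacts the secret values, and builds a summary CSV with the repository, rule, file, line, commit and author of every finding. It assumes gitleaks 8.x on PATH, the placeholder root folder produced by the clone script, and the JSON field names of the gitleaks report.

```powershell
# Added example: scan every cloned Azure DevOps repository with gitleaks and
# aggregate the findings. Assumes gitleaks 8.x on PATH; the root path is a placeholder.
$ReposRoot = "C:\Users\geralexgr\Documents\AzureRepos"   # folder filled by the clone script
$ReportDir = Join-Path $ReposRoot "_gitleaks-reports"
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

$summary = @()
foreach ($repo in (Get-ChildItem -Path $ReposRoot -Directory | Sort-Object FullName)) {
    # Only scan real clones; the report folder and stray directories are skipped.
    if (-not (Test-Path (Join-Path $repo.FullName ".git"))) { continue }

    $report = Join-Path $ReportDir ("{0}.json" -f $repo.Name)
    # --redact keeps the secret values themselves out of the report file.
    # --exit-code 0 keeps the loop going when leaks are found; we read the report instead.
    & gitleaks detect -s $repo.FullName -f json -r $report --redact --exit-code 0

    if (Test-Path $report) {
        # Assumed gitleaks 8.x JSON report fields: RuleID, File, StartLine, Commit, Author.
        $findings = Get-Content $report -Raw | ConvertFrom-Json
        foreach ($f in $findings) {
            $summary += [pscustomobject]@{
                Repository = $repo.Name
                Rule       = $f.RuleID
                File       = $f.File
                Line       = $f.StartLine
                Commit     = $f.Commit
                Author     = $f.Author
            }
        }
    }
}

# One row per finding, for import into a ticketing system or spreadsheet.
$summary | Export-Csv -Path (Join-Path $ReportDir "summary.csv") -NoTypeInformation

# Repositories with at least one finding, most findings first.
$summary | Group-Object Repository | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize
```

Each finding in the CSV carries the commit hash, so a leaked credential still shows up even after it has been removed from the current branch, which is exactly the case where rotation is required.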