Webeet.io · DevSecOps Internship · Jan 2026
✅ Closed as completed — Status: Done
Parent Epic: SEC-INC: Secret Leak Remediation & Hardening #22
Assigned to: sergepatrickdim-lgtm
A real GCP credential leak was detected in the codebase. This task was created to prevent future secret leaks at both commit time and CI/CD pipeline level — closing the gap permanently by automating detection before secrets ever reach the remote repository.
Secrets (API keys, cloud credentials, high-entropy strings) were being committed to the repository without any automated detection. There was no gate at commit time and no check in the CI pipeline, leaving the codebase exposed to accidental credential exposure.
- Integrated Gitleaks v8.21.2 into the GitHub Actions CI workflow
- Triggers on `push` to `development` branch and all `pull_request` events
- Runs on `ubuntu-latest` with `contents: read` permissions
- Installs Gitleaks from official GitHub release, runs `gitleaks detect --source . --verbose --redact`
- Pipeline fails the build if any high-entropy strings or known key patterns are detected
- Covers AWS, GCP, Azure keys and generic high-entropy secrets
- 2 commits · 3 files changed · +63 / -16
- Configured pre-commit hooks to scan for secrets before any commit is accepted locally
- Scans for JSON key patterns
- Blocks commits containing potential secrets
- Prevents secrets from ever reaching the remote repository
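
The page does not show its hook, so the following is an added example of a commit-time gate for JSON key patterns, not Webeet.io's hook or configuration. It is written as a plain Git `pre-commit` script; the function names, rule names and patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not the project's hook): block commits whose staged content
# contains GCP service-account JSON key markers or a PEM private-key header.
# Rule names, function names and patterns are assumptions for illustration.

# Read content on stdin; print the name of each rule that matches.
# Exit status 0 means key material was found. The matched text is never
# printed, in the same spirit as `gitleaks detect --redact`.
find_key_patterns() {
    awk '
        /-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/   { pem = 1 }
        /"type"[ \t]*:[ \t]*"service_account"/    { sa = 1 }
        /"private_key(_id)?"[ \t]*:[ \t]*"[^"]/   { key = 1 }
        END {
            if (pem) print "pem-private-key"
            if (sa && key) print "gcp-service-account-json"
            exit !(pem || (sa && key))
        }'
}

# Scan the staged version of every added, copied or modified file.
# Assumes paths without newlines, quotes or backslashes (git would quote those).
scan_staged() {
    git -c core.quotePath=false diff --cached --name-only --diff-filter=ACM |
    (
        rc=0
        while IFS= read -r path; do
            # ":path" names the blob in the index, i.e. what would be committed.
            if rules=$(git show ":$path" | find_key_patterns); then
                printf 'BLOCKED %s: %s\n' "$path" "$(printf '%s' "$rules" | tr '\n' ' ')" >&2
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Run only when installed as .git/hooks/pre-commit, so the file can also be sourced.
case "${0##*/}" in
    pre-commit)
        scan_staged || { echo 'Commit rejected: remove the secret and rotate it.' >&2; exit 1; }
        ;;
esac
```

Because it reads the index rather than the working tree, the hook checks exactly what would be committed. A local hook can be skipped with `git commit --no-verify`, which is why the CI scan remains the enforcing gate.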
As part of the implementation, resolved a .gitignore merge conflict (scope-limited) to ensure the following files are properly excluded from the repository:
- `gitleaks-baseline.json`: Gitleaks baseline config
- `replacements.txt`: secret replacement patterns
- `docker-test.txt` / `docker-write-test.txt`: local test artifacts
Branch: feature/INC-3-secret-scanning-clean-minimal → main
Commit 9875aaa · Feb 6, 2026 · +5 / -1
- Add Gitleaks to the CI pipeline (GitHub Actions)
- Fail the build if high-entropy strings or known key patterns are detected
- Add Pre-Commit Hooks to scan for JSON key patterns
- Block commits containing potential secrets
| Date | Action |
|---|---|
| Jan 20 | Issue opened by AlejandroRomanIbanez |
| Jan 26 | Self-assigned by sergepatrickdim-lgtm |
| Jan 27 | Moved to In Progress |
| Jan 27 | Moved to Done — closed as completed |
Gitleaks · GitHub Actions · Pre-commit · CI/CD · DevSecOps
See the `/screenshots/` folder, which includes the issue overview, acceptance criteria, and completion status.
Part of a DevSecOps internship at Webeet.io (Jan 2025 – Mar 2026). Code belongs to Webeet.io — this repo documents the work via issue screenshots and technical write-up.