Git Secret Scan 3.1.0 - .gitleaksignore File Does Not Whitelist Items As Fingerprints Change

Max H April 2, 2025

I am still having issues with the 3.1.0 version of the git secret scanner pipe integration which I seemed to have faced in the previous versions too. The issue occurs when I try to include a .gitleaksignore file in my repository to exclude identified leaks.

Below is my configuration for the Secret Scanner, which uses default settings:

- step: &secrets-scan
   name: Run Secrets Scan
   script:
     - pipe: atlassian/git-secrets-scan:3.1.0

When this step runs on my repository, it correctly generates a report for a sample leak:

{EBEB178E-8110-4CC7-AC11-99895F63772B}.png

Next, I create a .gitleaksignore file in the root of my repository and include the exact fingerprint that was reported. When I commit these changes and the pipe reruns, I then get another failed scan and the same leak is picked up, but with a different fingerprint:

{8AEF0201-B8CE-417D-BF3E-5DD3024E539C}.png

It seems that after each commit, the fingerprint of this leak changes, potentially causing issues with the .gitleaksignore file correctly ignoring it.

I have tried this with a separate repository and a separate list of leaks, and the same issue occurs. Can you advise if I am following the correct process? I believe this should be working as per my workflow. But I'm confused as to why the fingerprints in the report would be different with each pipe run.
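A way to see which part of a fingerprint moved between two pipe runs, as an added example (not from the thread and not the pipe's own code). It assumes gitleaks' fingerprint layout of `commit:file:rule-id:start-line` for git scans and the `Fingerprint` field of its JSON report; the commit ids, paths and report contents below are constructed sample data.

```python
import json
import re

SHA = re.compile(r"^[0-9a-f]{40}$")
FIELDS = ("commit", "file", "rule", "line")

def parse_fingerprint(fp):
    """Split 'commit:file:rule:line' (git scan) or 'file:rule:line' (no commit)."""
    head, rule, line = fp.strip().rsplit(":", 2)
    commit, sep, path = head.partition(":")
    if not (sep and SHA.match(commit)):
        commit, path = "", head
    return dict(zip(FIELDS, (commit, path, rule, line)))

def load_ignore(text):
    """Entries of a .gitleaksignore file, skipping blank lines and # comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def explain_misses(report_json, ignore_text):
    """For every finding that is not ignored, list the fields that differ
    from the closest .gitleaksignore entry (None if the file is empty)."""
    ignored = load_ignore(ignore_text)
    known = [parse_fingerprint(fp) for fp in ignored]
    misses = []
    for finding in json.loads(report_json):
        fp = finding["Fingerprint"]
        if fp in ignored:
            continue  # exact match: gitleaks would suppress this one
        cur = parse_fingerprint(fp)
        diffs = [[f for f in FIELDS if cur[f] != old[f]] for old in known]
        misses.append((fp, min(diffs, key=len) if diffs else None))
    return misses

# Constructed sample data: two commit ids, an ignore file, and a later report.
OLD, NEW = "a" * 40, "b" * 40
IGNORE = f"""# fingerprints copied from the first report
{OLD}:config/settings.py:generic-api-key:12
{OLD}:deploy.sh:aws-access-token:5
{OLD}:README.md:generic-api-key:3
"""
REPORT = json.dumps([{"Fingerprint": fp} for fp in (
    f"{NEW}:config/settings.py:generic-api-key:12",  # same leak, new commit id
    f"{OLD}:deploy.sh:aws-access-token:8",           # same leak, line moved
    f"{OLD}:README.md:generic-api-key:3",            # unchanged, still ignored
)])

if __name__ == "__main__":
    for fp, changed in explain_misses(REPORT, IGNORE):
        print(f"not ignored: {fp}\n  differs in: {changed}")
```

Against real output, pass the contents of the `gitleaks-report.json` artifact and of the repository's `.gitleaksignore` file in place of the constructed strings.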

1 answer

0 votes
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 3, 2025

Hi Max,

I've reached out to our pipes team for further assistance with this - thank you for your patience :)

Cheers!

- Ben (Bitbucket Cloud Support)

Ben
Atlassian Team
April 6, 2025

Sorry for the delay @Max H 

Can you enable debug mode and let me know if it reports any errors/anything that may reveal what might be occurring?

script:
  - pipe: atlassian/git-secrets-scan:3.1.0
    variables:
      DEBUG: "true"

Cheers!

- Ben (Bitbucket Cloud Support)

 

Max H April 15, 2025

Hi Ben, I have enabled this and attached the log file with my actual leaks removed; there appears to be no log that indicates an error. Were you able to reproduce this by performing the steps I mentioned?

Alternatively, is there another way to achieve this using the pipe that you have found to be an alternative?

Status: Downloaded newer image for bitbucketpipelines/git-secrets-scan:3.1.0
DEBUG: Starting new HTTPS connection (1): bitbucket.org:443
DEBUG: https://bitbucket.org:443 "GET /bitbucketpipelines/official-pipes/raw/master/pipes.prod.json HTTP/11" 200 None
INFO: Extend gitleaks command to create reports...
DEBUG: gitleaks generated command:
gitleaks git -v --report-path=gitleaks-report.json --report-format=json
WARNING: Gitleaks detect result status code: 1, Finding:

...
leaks
...

│╲
│ ○
○ ░
░ gitleaks

1:23PM INF 54 commits scanned.
1:23PM INF scan completed in 154ms
1:23PM WRN leaks found: 22

INFO: Generating CodeInsights reports...
DEBUG: Starting new HTTP connection (1): host.docker.internal:29418
DEBUG: http://host.docker.internal:29418 "PUT http://api.bitbucket.org/2.0/repositories/app/app/commit/0a62aba088427dc682273b93844c3f2dca8dc974/reports/f02c03cd-16fe-4f0f-aeab-a4c7b4c6ca33 HTTP/11" 200 591
DEBUG: Starting new HTTP connection (1): host.docker.internal:29418
DEBUG: http://host.docker.internal:29418 "POST http://api.bitbucket.org/2.0/repositories/app/app/commit/0a62aba088427dc682273b93844c3f2dca8dc974/reports/%7B3cf6b72b-c9e1-5cdb-a75a-27ce25282c9e%7D/annotations HTTP/11" 200 None
✖ Pipe has finished with a Results Status Code: 1
Searching for files matching artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/**
Artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/** matched 0 files
Searching for files matching artifact pattern gitleaks-report.json
Artifact pattern gitleaks-report.json matched 1 files with a total size of 20 KiB
Compressed files matching artifact pattern gitleaks-report.json to 1.7 KiB in 0 seconds
Uploading artifact of 1.7 KiB
Successfully uploaded artifact in 1 seconds.


Searching for test report files in directories named [test-results, failsafe-reports, test-reports, TestResults, surefire-reports] down to a depth of 4
Finished scanning for test reports. Found 0 test report files.
Merged test suites, total number tests is 0, with 0 failures and 0 errors.

 

Ben
Atlassian Team
April 16, 2025

Hi @Max H 

I'm struggling to reproduce the issue (sorry - I'm a bit limited in my knowledge of this pipe), could you please share the full build step YAML config?

Cheers!

- Ben (Bitbucket Cloud Support)
