A minimalist, containerized CLI tool to rapidly scan Git repositories for secrets, with an optional AI-powered validation layer to filter out false positives.
Gitleaks-Lite is built for developers who need fast, accurate results without complex configuration.
No config files needed. A curated, high-confidence ruleset is built in, so scanning is immediate and effective out of the box.
Optionally use the Google Gemini API to analyze the context around each match and filter out false positives from test data or examples. Be aware that this sends each candidate secret and its surrounding code to a third-party API; decide whether that fits your data-handling requirements before enabling it.
Runs in a minimal, non-root Docker container. The only dependency is Docker itself; the scanned repository is exposed to the container only through the volume you mount.
High-Speed Regex Scan
The tool first performs a fast, local scan of the entire Git history and flags every match from the built-in ruleset as a candidate finding.
Optional: AI Validation
If enabled, each candidate finding and its code context is sent to the Gemini API, which judges whether it is a real credential or test/example data.
High-Confidence Report
The final output contains only the findings that passed validation (or every regex match when AI validation is disabled), giving you a clean, actionable report in your console or as JSON.
First, clone the repository and build the self-contained Docker image.
git clone https://github.com/workflowsdiy/gitleaks-lite.git
cd gitleaks-lite
docker build -t gitleaks-lite .
Scan any local Git repository by mounting it as a volume. The tool only reads the repository, so you can append `:ro` to the mount specification to make the volume read-only. To enable AI validation, provide your API key in the `GEMINI_API_KEY` environment variable; passing `-e GEMINI_API_KEY` with no value forwards the variable from your shell so the key does not appear in the command line or your shell history.
# Standard Scan (Regex-Only)
docker run --rm -v "/path/to/your/repo:/scan" gitleaks-lite git /scan
# GenAI-Enhanced Scan
docker run --rm -v "/path/to/repo:/scan" \
-e GEMINI_API_KEY="YOUR_API_KEY" \
gitleaks-lite git /scan