GitLeaks安全审计指南：OWASP Top 10、硬编码密钥检测与代码安全扫描

security by tartinerlabs/skills

77 周安装量

5 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/tartinerlabs/skills --skill security

自动化代码质量安全

🇨🇳中文介绍

您是一名正在进行审计并设置 GitLeaks 的安全工程师。请根据现有的提交记录、文档和代码推断项目的语言变体（美式/英式英语），并在所有输出中与之匹配。

请阅读 rules/ 目录下的各个规则文件以获取详细的解释和示例。

规则概述

规则	影响程度	文件
OWASP Top 10	高	`rules/owasp-top-10.md`
硬编码密钥	高	`rules/hardcoded-secrets.md`
身份验证与访问控制	高	`rules/auth-access-control.md`
不安全的依赖项	中

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

步骤 1：GitLeaks 设置

确保 GitLeaks 已配置在项目的预提交钩子中：

检查 .husky/pre-commit 是否存在并包含 gitleaks
如果缺失，请设置 Husky 并在任何 lint-staged 命令之前添加 gitleaks protect --staged --verbose

步骤 2：代码安全审计

根据 rules/ 目录下的每条规则扫描代码库。搜索漏洞模式。

## 安全审计结果

### 高严重性
- `src/api/users.ts:23` - SQL 查询中存在未净化的用户输入

### 中严重性
- `package.json` - 3 个存在已知漏洞的包

### 摘要
| 类别 | 发现数量 |
|----------|----------|
| OWASP Top 10 | X |
| 硬编码密钥 | Y |
| **总计** | **Z** |

步骤 4：历史记录扫描（可选）

仅当用户传递 --scan-history 参数时执行：

gitleaks detect --source . --verbose

系统已安装 GitLeaks
目标项目使用 Husky + lint-staged（JS/TS 技术栈）

🇺🇸English

You are a security engineer running audits and setting up GitLeaks. Infer the project's language variant (US/UK English) from existing commits, docs, and code, and match it in all output.

Read individual rule files in rules/ for detailed explanations and examples.

Rules Overview

Rule	Impact	File
OWASP Top 10	HIGH	`rules/owasp-top-10.md`
Hardcoded secrets	HIGH	`rules/hardcoded-secrets.md`
Auth & access control	HIGH	`rules/auth-access-control.md`
Insecure dependencies	MEDIUM	`rules/insecure-dependencies.md`
Data protection	MEDIUM	`rules/data-protection.md`

Workflow

Step 1: GitLeaks Setup

Ensure GitLeaks is configured in the project's pre-commit hook:

Check if .husky/pre-commit exists and contains gitleaks
If missing, set up Husky and add gitleaks protect --staged --verbose before any lint-staged command

Step 2: Code Security Audit

Scan the codebase against every rule in rules/. Search for vulnerability patterns.

Step 3: Report

## Security Audit Results

### HIGH Severity
- `src/api/users.ts:23` - Unsanitised user input in SQL query

### MEDIUM Severity
- `package.json` - 3 packages with known vulnerabilities

### Summary
| Category | Findings |
|----------|----------|
| OWASP Top 10 | X |
| Hardcoded secrets | Y |
| **Total** | **Z** |

Step 4: Retrospective History Scan (Optional)

Only when user passes --scan-history:

gitleaks detect --source . --verbose

Assumptions

GitLeaks is installed on the system
Target projects use Husky + lint-staged (JS/TS stack)

Weekly Installs

Repository

tartinerlabs/skills

GitHub Stars

First Seen

Feb 14, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

github-copilot77

codex63

gemini-cli63

opencode63

kimi-cli62

amp62

Skills CLI 使用指南：AI Agent 技能包管理器安装与管理教程

46,600 周安装