I am not able to run gitleaks docker image

Question

I am trying to run the gitleaks docker image, but it is not scanning the code and giving me the error. But if I am doing the same by installing gitleaks then it is scanning the entire code.

I am using webgoat as vulnerable code for scanning and below is my sample command.

    docker run -v /Users/<Path>/WebGoat/ zricethezav/gitleaks:latest detect -v --source .

As i am trying to map the official gitleaks command i.e.

    docker run -v ${path_to_host_folder_to_scan}:/path zricethezav/gitleaks:latest [COMMAND] --source="/path"

It is giving me an error i.e.

        ○
        │╲
        │ ○
        ○ ░
        ░    gitleaks
    
    7:07PM ERR [git] fatal: not a git repository (or any of the parent directories): .git
    7:07PM ERR git error encountered, see logs
    7:07PM WRN partial scan completed in 60.5ms
    7:07PM WRN no leaks found in partial scan

Answer 1

I think your command needs to be more like this:

docker run -v /Users/<Path>/WebGoat:/path zricethezav/gitleaks:latest detect -v --source /path

The format of the -v argument for docker is {host_dir}:{container_dir} telling Docker to mount the host_dir directory at the location of container_dir inside your running container. I presume the --path argument tells gitleaks in which directory to scan. This should be the location you've mounted the volume inside the container. Passing . like you did will make it scan the current work directory of the process running inside the container I think.

You can find more details about volume mounting in the docker documentation