Skip to content
Recued
Menu
← Back to packs

Gitleaks Pack

by recued-core v1 app_pack

V3 deterministic local secret-scan capability pack. By-value connector composition (service_kind=cli, no separate ingredient): one local gitleaks CLI ingredient exposes bounded project operations for readiness and redacted filesystem secret scans. The local gitleaks CLI scans one source path as ordinary files and writes a redacted JSON report via the security.scan_secrets catalog operation. Bundles a manual scan recipe and a scheduled project secret-scan workflow so users can turn trusted folders into recurring local security checks. Fixed-function and reproducible: filesystem dir scan mode only, no generic git command, no history log options, no caller-supplied config/baseline path, and no arbitrary flags. The executor materializes CAS file refs when present and owns the throwaway output directory, while gitleaks writes a fixed gitleaks.json report captured as result.file_ref. Requires gitleaks on PATH (Debian/Ubuntu: apt install gitleaks). Local and no-egress.

What this pack installs

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Device + server Runs on your device (browser) or your server.

What it's allowed to do

Write Local CLI gitleaks external change
Read: gitleaks.version · No approvalWrite: security.scan_secrets · No approval

Data it touches

SurfacesLocal CLI

About

Tags

pack:gitleaksgitleaksclisecuritysecretsscanrecipeschedulewatchjsondeterministiclocal-servicev3composition