# Install gitleaks with Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper

Audit git repos for secrets. Version 8.30.1 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:gitleaks
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install gitleaks
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install gitleaks
```

  Evidence: MacPorts ports tree: security/gitleaks/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add gitleaks
```

  Evidence: Alpine Linux edge package indexes: gitleaks from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install gitleaks
```

  Evidence: Debian stable package indexes: gitleaks from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install gitleaks
```

  Evidence: Fedora Rawhide package metadata: gitleaks from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#gitleaks
```

  Evidence: nixpkgs package indexes: pkgs/by-name/gi/gitleaks/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S gitleaks
```

  Evidence: Arch Linux sync databases: gitleaks from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install gitleaks
```

  Evidence: openSUSE Tumbleweed package metadata: gitleaks from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Chocolatey (92%):

```sh
choco install gitleaks
```

  Evidence: Chocolatey community package catalog: gitleaks from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='7.3136','buttercup'

- Scoop (92%):

```sh
scoop install main/gitleaks
```

  Evidence: Scoop official bucket manifest trees: bucket/gitleaks.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id Gitleaks.Gitleaks -e
```

  Evidence: Windows Package Manager source index: Gitleaks.Gitleaks from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:gitleaks
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/gitleaks>
- **Version:** 8.30.1
- **Source summary:** Audit git repos for secrets
- **Homepage:** <https://gitleaks.io/>
- **Repository:** <https://github.com/gitleaks/gitleaks>
- **Upstream docs:** <https://github.com/gitleaks/gitleaks#readme>
- **License:** MIT
- **Source archive:** <https://github.com/gitleaks/gitleaks/archive/refs/tags/v8.30.1.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- gitleaks (cli)
- gitleaks (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 8.30.1
- Local data: ok
- Upstream repository: https://github.com/gitleaks/gitleaks
- Upstream latest detected: v8.30.1 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Gitleaks is an open-source secret scanner for Git repositories, files, directories, and standard input. It is best known as a fast CLI that can run locally, in pre-commit hooks, in containers, or in CI before leaked credentials reach shared history.

### Project history

The GitHub repository was created in January 2018 and grew around a rule-based scanner for passwords, API keys, and tokens. The project is written in Go and ships a default TOML configuration containing detection rules and allowlists.

The v8 command model consolidated scanning around git, dir, and stdin modes, while older detect and protect commands were hidden for compatibility. The README later described the project as feature complete, with security patches as the maintenance focus and Betterleaks named as the author's new direction.

### Adoption history

Gitleaks gained strong adoption in the DevSecOps ecosystem because it fits several control points: developer workstations, pre-commit hooks, pull-request checks, scheduled repository scans, and containerized CI jobs. The project homepage cites large Docker, GitHub release, and Homebrew usage figures, and the GitHub repository has a large star and fork count.

The official Gitleaks GitHub Action widened adoption by giving teams a hosted-CI path for scanning pull requests and commits without writing their own wrapper around the CLI.

### How it is used

Practitioners use gitleaks git to scan repository history, gitleaks dir to scan working trees or exported source, and gitleaks stdin for pipeline streams. Baseline reports let teams suppress already-known findings while failing builds for newly introduced secrets.

Teams customize .gitleaks.toml when they need organization-specific rules, allowlists, report formats, or redaction behavior. In package-manager workflows, the single binary makes it easy to add secret scanning to local development and CI images without a language runtime.

### Why package nerds care

Gitleaks is a package-manager favorite because it is a Go security utility with broad platform binaries, Docker images, a pre-commit hook, and an official action. That combination makes it easy to pin in reproducible developer environments and CI toolchains.

### Timeline

- 2018: The gitleaks/gitleaks repository was created.
- 2022: v8-era releases emphasized the newer git, dir, and stdin scanning modes.
- 2024: v8.19.0 hid the older detect and protect commands in favor of the newer command names.
- 2026: The README described Gitleaks as feature complete, with future releases focused on security patches.

### Related projects

- Gitleaks Action is the official GitHub Action for running scans on pull requests, commits, or on demand.
- Betterleaks is named by the maintainer as the follow-on project receiving new feature work.

### Sources

- <https://api.github.com/repos/gitleaks/gitleaks>
- <https://github.com/gitleaks/gitleaks>
- <https://gitleaks.io/>
- <https://raw.githubusercontent.com/gitleaks/gitleaks/master/README.md>
- <https://raw.githubusercontent.com/gitleaks/gitleaks/master/config/gitleaks.toml>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: (target path)/.gitleaks.toml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** gitleaks
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - gitleaks - 8.16.0-1+b12: normalized package name match | Debian stable package indexes: gitleaks from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | protect and discover secrets using Gitleaks 🔑 | https://github.com/gitleaks/gitleaks
- Nix - gitleaks: normalized package name match | nixpkgs package indexes: pkgs/by-name/gi/gitleaks/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - gitleaks - 8.16.0-1build1: normalized package name match | Ubuntu 24.04 LTS package indexes: gitleaks from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | protect and discover secrets using Gitleaks 🔑 | https://github.com/gitleaks/gitleaks
- apk - gitleaks - 8.30.1-r0: normalized package name match | Alpine Linux edge package indexes: gitleaks from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Audit Git repos for secrets and keys | https://github.com/gitleaks/gitleaks
- apk - gitleaks-bash-completion - 8.30.1-r0: normalized package name match | Alpine Linux edge package indexes: gitleaks-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Bash completions for gitleaks | https://github.com/gitleaks/gitleaks
- apk - gitleaks-doc - 8.30.1-r0: normalized package name match | Alpine Linux edge package indexes: gitleaks-doc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Audit Git repos for secrets and keys (documentation) | https://github.com/gitleaks/gitleaks
- apk - gitleaks-fish-completion - 8.30.1-r0: normalized package name match | Alpine Linux edge package indexes: gitleaks-fish-completion from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Fish completions for gitleaks | https://github.com/gitleaks/gitleaks
- apk - gitleaks-zsh-completion - 8.30.1-r0: normalized package name match | Alpine Linux edge package indexes: gitleaks-zsh-completion from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Zsh completions for gitleaks | https://github.com/gitleaks/gitleaks
- dnf - gitleaks - 8.30.1-1.fc45: normalized package name match | Fedora Rawhide package metadata: gitleaks from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Scan git repos (or files) for secrets using regex and entropy | https://github.com/zricethezav/gitleaks
- pacman - gitleaks - 8.30.1-1: normalized package name match | Arch Linux sync databases: gitleaks from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Audit Git repos for secrets and keys | https://github.com/gitleaks/gitleaks
- zypper - gitleaks - 8.30.1-1.1: normalized package name match | openSUSE Tumbleweed package metadata: gitleaks from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Protect and discover secrets using Gitleaks | https://github.com/gitleaks/gitleaks
- zypper - gitleaks-bash-completion - 8.30.1-1.1: normalized package name match | openSUSE Tumbleweed package metadata: gitleaks-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Bash Completion for gitleaks | https://github.com/gitleaks/gitleaks
- zypper - gitleaks-fish-completion - 8.30.1-1.1: normalized package name match | openSUSE Tumbleweed package metadata: gitleaks-fish-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Fish Completion for gitleaks | https://github.com/gitleaks/gitleaks
- zypper - gitleaks-zsh-completion - 8.30.1-1.1: normalized package name match | openSUSE Tumbleweed package metadata: gitleaks-zsh-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Zsh Completion for gitleaks | https://github.com/gitleaks/gitleaks
- MacPorts - gitleaks: normalized package name match | MacPorts ports tree: security/gitleaks/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Chocolatey - gitleaks: normalized package name match | Chocolatey community package catalog: gitleaks from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='7.3136','buttercup'


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [detect-secrets](https://www.automicvault.com/pkg/brew/detect-secrets/) - Shares av.db curated category or tags: cli, devsecops, secret-scanning, security.
- [git-hound](https://www.automicvault.com/pkg/brew/git-hound/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [git-secrets](https://www.automicvault.com/pkg/brew/git-secrets/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [squealer](https://www.automicvault.com/pkg/brew/squealer/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [tartufo](https://www.automicvault.com/pkg/brew/tartufo/) - Shares av.db curated category or tags: cli, git, secret-scanning, security.
- [kingfisher](https://www.automicvault.com/pkg/brew/kingfisher/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [mantra](https://www.automicvault.com/pkg/brew/mantra/) - Shares av.db curated category or tags: cli, secret-scanning, security.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, devsecops, security.

## Combined YAML source

View the package source record on GitHub. [combined/gitleaks.yml](https://github.com/automic-vault/db/blob/main/combined/gitleaks.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
