drevops · AlexSkrypnyk · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -142,6 +142,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:3.1.0 . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:v8.30.1 dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli

diff --git a/.github/workflows/build-test-deploy.yml b/.github/workflows/build-test-deploy.yml
@@ -126,6 +126,10 @@ jobs:
         run: docker run --rm -v "${PWD}":/app zavoloklom/dclint:3.1.0 .
         continue-on-error: ${{ vars.VORTEX_CI_DCLINT_IGNORE_FAILURE == '1' }}
 
+      - name: Scan for committed secrets with Gitleaks
+        run: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:v8.30.1 dir . --no-banner
+        continue-on-error: ${{ vars.VORTEX_CI_GITLEAKS_IGNORE_FAILURE == '1' }}
+
       - name: Build stack
         run: docker compose up --no-deps --detach cli
 

diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -0,0 +1,28 @@
+# Gitleaks configuration for projects based on Vortex.
+#
+# Extends the default Gitleaks ruleset and allowlists the placeholder and
+# example values that Vortex ships, plus third-party and generated paths, so a
+# clean install reports zero findings while still catching real secrets.
+#
+# https://github.com/gitleaks/gitleaks
+
+[extend]
+useDefault = true
+
+[[allowlists]]
+description = "Third-party, generated, and local-only paths that must not be scanned."
+paths = [
+  '''(^|/)\.artifacts/''',
+  '''(^|/)\.data/''',
+  '''(^|/)\.git/''',
+  #;< VORTEX_DEV
+  '''(^|/)\.vortex/''',
+  #;> VORTEX_DEV
+  '''(^|/)node_modules/''',
+  '''(^|/)vendor/''',
+  '''(^|/)web/core/''',
+  '''(^|/)web/libraries/''',
+  '''(^|/)web/modules/contrib/''',
+  '''(^|/)web/sites/default/files/''',
+  '''(^|/)web/themes/contrib/''',
+]
diff --git a/.vortex/docs/content/tools/README.mdx b/.vortex/docs/content/tools/README.mdx
@@ -27,6 +27,7 @@ Head over to the tool-specific documentation to learn more.
 | [ESLint](eslint.mdx)               | JavaScript linter with Prettier integration for custom modules                          |
 | [Gherkin Lint](gherkin-lint.mdx)   | Provides a Gherkin linter for PHP                                                       |
 | [Git artifact](git-artifact.mdx)   | Package and push files to remote repositories                                           |
+| [Gitleaks](gitleaks.mdx)           | Detect hardcoded secrets like passwords, API keys, and tokens                           |
 | [Hadolint](hadolint.mdx)           | A smarter Dockerfile linter that helps you build best practice container images         |
 | [PHPCS](phpcs.mdx)                 | Check that code adheres to coding standards                                             |
 | [PHPMD](phpmd.mdx)                 | Detect code smells and possible errors                                                  |

diff --git a/.vortex/docs/content/tools/gitleaks.mdx b/.vortex/docs/content/tools/gitleaks.mdx
@@ -0,0 +1,39 @@
+# Gitleaks
+
+https://github.com/gitleaks/gitleaks
+
+> A tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in code.
+
+:::note
+
+**Vortex** does not install Gitleaks locally. Please follow the [instructions](https://github.com/gitleaks/gitleaks#installing) to install it on your system.
+
+In CI, Gitleaks runs from its official Docker image as part of the lint job.
+
+:::
+
+## Usage
+
+```shell
+gitleaks dir .
+```
+
+Gitleaks reads its configuration from the `.gitleaks.toml` file at the repository root. The shipped allowlist is tuned for Drupal projects so that a clean install reports no findings while real secrets are still detected.
+
+## Ignoring
+
+To ignore a single line, add a `gitleaks:allow` comment to it:
+
+```php
+$settings['example'] = 'not-a-real-secret'; // gitleaks:allow
+```
+
+To ignore a path or a recurring known-safe value across the codebase, add it to the `.gitleaks.toml` file at the repository root. See the [configuration documentation](https://github.com/gitleaks/gitleaks#configuration).
+
+## Ignoring fail in continuous integration pipeline
+
+This tool runs in continuous integration pipeline by default and fails the build
+if there are any violations.
+
+Set `VORTEX_CI_GITLEAKS_IGNORE_FAILURE` environment variable to `1` to ignore
+failures. The tool will still run and report violations, if any.
diff --git a/.vortex/docs/cspell.json b/.vortex/docs/cspell.json
@@ -43,6 +43,7 @@
         "drush",
         "ergebnis",
         "gherkinlint",
+        "gitleaks",
         "hadolint",
         "hotfixes",
         "htpasswd",
@@ -79,6 +80,7 @@
         "simpletest",
         "testmode",
         "standardise",
+        "toml",
         "updatedb",
         "uselagoon",
         "utilising",

diff --git a/...nstaller/tests/Fixtures/handler_process/_baseline/.github/workflows/build-test-deploy.yml b/...nstaller/tests/Fixtures/handler_process/_baseline/.github/workflows/build-test-deploy.yml
@@ -119,6 +119,10 @@ jobs:
         run: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ .
         continue-on-error: ${{ vars.VORTEX_CI_DCLINT_IGNORE_FAILURE == '1' }}
 
+      - name: Scan for committed secrets with Gitleaks
+        run: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner
+        continue-on-error: ${{ vars.VORTEX_CI_GITLEAKS_IGNORE_FAILURE == '1' }}
+
       - name: Build stack
         run: docker compose up --no-deps --detach cli
 

diff --git a/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/_baseline/.gitleaks.toml
@@ -0,0 +1,25 @@
+# Gitleaks configuration for projects based on Vortex.
+#
+# Extends the default Gitleaks ruleset and allowlists the placeholder and
+# example values that Vortex ships, plus third-party and generated paths, so a
+# clean install reports zero findings while still catching real secrets.
+#
+# https://github.com/gitleaks/gitleaks
+
+[extend]
+useDefault = true
+
+[[allowlists]]
+description = "Third-party, generated, and local-only paths that must not be scanned."
+paths = [
+  '''(^|/)\.artifacts/''',
+  '''(^|/)\.data/''',
+  '''(^|/)\.git/''',
+  '''(^|/)node_modules/''',
+  '''(^|/)vendor/''',
+  '''(^|/)web/core/''',
+  '''(^|/)web/libraries/''',
+  '''(^|/)web/modules/contrib/''',
+  '''(^|/)web/sites/default/files/''',
+  '''(^|/)web/themes/contrib/''',
+]
diff --git a/.vortex/installer/tests/Fixtures/handler_process/ciprovider_circleci/.circleci/config.yml b/.vortex/installer/tests/Fixtures/handler_process/ciprovider_circleci/.circleci/config.yml
@@ -131,6 +131,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli

diff --git a/...es/handler_process/code_coverage_provider_codecov/.github/workflows/build-test-deploy.yml b/...es/handler_process/code_coverage_provider_codecov/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -446,6 +446,17 @@
+@@ -450,6 +450,17 @@
              </details>
            hide_and_recreate: true
 

diff --git a/...sts/Fixtures/handler_process/code_coverage_provider_codecov_circleci/.circleci/config.yml b/...sts/Fixtures/handler_process/code_coverage_provider_codecov_circleci/.circleci/config.yml
@@ -131,6 +131,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli

diff --git a/...ixtures/handler_process/db_download_source_acquia/.github/workflows/build-test-deploy.yml b/...ixtures/handler_process/db_download_source_acquia/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -255,6 +255,9 @@
+@@ -259,6 +259,9 @@
            VORTEX_DOWNLOAD_DB_SEMAPHORE=/tmp/download-db-success ./vendor/drevops/vortex-tooling/src/download-db
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30

diff --git a/...x/installer/tests/Fixtures/handler_process/deploy_types_all_circleci/.circleci/config.yml b/...x/installer/tests/Fixtures/handler_process/deploy_types_all_circleci/.circleci/config.yml
@@ -131,6 +131,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli

diff --git a/.../installer/tests/Fixtures/handler_process/deploy_types_none_circleci/.circleci/config.yml b/.../installer/tests/Fixtures/handler_process/deploy_types_none_circleci/.circleci/config.yml
@@ -131,6 +131,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli

diff --git a/...ts/Fixtures/handler_process/deploy_types_none_gha/.github/workflows/build-test-deploy.yml b/...ts/Fixtures/handler_process/deploy_types_none_gha/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -511,98 +511,3 @@
+@@ -515,98 +515,3 @@
          timeout-minutes: 120 # Cancel the action after 120 minutes, regardless of whether a connection has been established.
          with:
            detached: true

diff --git a/...ler/tests/Fixtures/handler_process/deps_updates_provider_ci_circleci/.circleci/config.yml b/...ler/tests/Fixtures/handler_process/deps_updates_provider_ci_circleci/.circleci/config.yml
@@ -131,6 +131,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli

diff --git a/...ler/tests/Fixtures/handler_process/hosting_acquia/.github/workflows/build-test-deploy.yml b/...ler/tests/Fixtures/handler_process/hosting_acquia/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -255,6 +255,9 @@
+@@ -259,6 +259,9 @@
            VORTEX_DOWNLOAD_DB_SEMAPHORE=/tmp/download-db-success ./vendor/drevops/vortex-tooling/src/download-db
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30

diff --git a/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml b/.vortex/installer/tests/Fixtures/handler_process/hosting_acquia/.gitleaks.toml
@@ -0,0 +1,15 @@
+@@ -17,9 +17,9 @@
+   '''(^|/)\.git/''',
+   '''(^|/)node_modules/''',
+   '''(^|/)vendor/''',
+-  '''(^|/)web/core/''',
+-  '''(^|/)web/libraries/''',
+-  '''(^|/)web/modules/contrib/''',
+-  '''(^|/)web/sites/default/files/''',
+-  '''(^|/)web/themes/contrib/''',
++  '''(^|/)docroot/core/''',
++  '''(^|/)docroot/libraries/''',
++  '''(^|/)docroot/modules/contrib/''',
++  '''(^|/)docroot/sites/default/files/''',
++  '''(^|/)docroot/themes/contrib/''',
+ ]
diff --git a/...res/handler_process/hosting_project_name___acquia/.github/workflows/build-test-deploy.yml b/...res/handler_process/hosting_project_name___acquia/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -255,6 +255,9 @@
+@@ -259,6 +259,9 @@
            VORTEX_DOWNLOAD_DB_SEMAPHORE=/tmp/download-db-success ./vendor/drevops/vortex-tooling/src/download-db
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30

diff --git a/...tex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml b/...tex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/.gitleaks.toml
@@ -0,0 +1,15 @@
+@@ -17,9 +17,9 @@
+   '''(^|/)\.git/''',
+   '''(^|/)node_modules/''',
+   '''(^|/)vendor/''',
+-  '''(^|/)web/core/''',
+-  '''(^|/)web/libraries/''',
+-  '''(^|/)web/modules/contrib/''',
+-  '''(^|/)web/sites/default/files/''',
+-  '''(^|/)web/themes/contrib/''',
++  '''(^|/)docroot/core/''',
++  '''(^|/)docroot/libraries/''',
++  '''(^|/)docroot/modules/contrib/''',
++  '''(^|/)docroot/sites/default/files/''',
++  '''(^|/)docroot/themes/contrib/''',
+ ]
diff --git a/...installer/tests/Fixtures/handler_process/migration_disabled_circleci/.circleci/config.yml b/...installer/tests/Fixtures/handler_process/migration_disabled_circleci/.circleci/config.yml
@@ -131,6 +131,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli

diff --git a/.../handler_process/migration_download_source_acquia/.github/workflows/build-test-deploy.yml b/.../handler_process/migration_download_source_acquia/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -256,6 +256,9 @@
+@@ -260,6 +260,9 @@
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30
 
@@ -8,7 +8,7 @@
        - name: Export DB
          run: |
            if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi
-@@ -387,6 +390,10 @@
+@@ -391,6 +394,10 @@
            if [ -f .data/db.sql ]; then
              docker compose exec cli mkdir -p .data
              docker compose cp -L .data/db.sql cli:/app/.data/db.sql

diff --git a/...cess/migration_download_source_container_registry/.github/workflows/build-test-deploy.yml b/...cess/migration_download_source_container_registry/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -256,6 +256,9 @@
+@@ -260,6 +260,9 @@
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30
 
@@ -8,7 +8,7 @@
        - name: Export DB
          run: |
            if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi
-@@ -387,6 +390,10 @@
+@@ -391,6 +394,10 @@
            if [ -f .data/db.sql ]; then
              docker compose exec cli mkdir -p .data
              docker compose cp -L .data/db.sql cli:/app/.data/db.sql

diff --git a/...res/handler_process/migration_download_source_ftp/.github/workflows/build-test-deploy.yml b/...res/handler_process/migration_download_source_ftp/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -256,6 +256,9 @@
+@@ -260,6 +260,9 @@
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30
 
@@ -8,7 +8,7 @@
        - name: Export DB
          run: |
            if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi
-@@ -387,6 +390,10 @@
+@@ -391,6 +394,10 @@
            if [ -f .data/db.sql ]; then
              docker compose exec cli mkdir -p .data
              docker compose cp -L .data/db.sql cli:/app/.data/db.sql

diff --git a/.../handler_process/migration_download_source_lagoon/.github/workflows/build-test-deploy.yml b/.../handler_process/migration_download_source_lagoon/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -256,6 +256,9 @@
+@@ -260,6 +260,9 @@
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30
 
@@ -8,7 +8,7 @@
        - name: Export DB
          run: |
            if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi
-@@ -387,6 +390,10 @@
+@@ -391,6 +394,10 @@
            if [ -f .data/db.sql ]; then
              docker compose exec cli mkdir -p .data
              docker compose cp -L .data/db.sql cli:/app/.data/db.sql

diff --git a/...ures/handler_process/migration_download_source_s3/.github/workflows/build-test-deploy.yml b/...ures/handler_process/migration_download_source_s3/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -256,6 +256,9 @@
+@@ -260,6 +260,9 @@
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30
 
@@ -8,7 +8,7 @@
        - name: Export DB
          run: |
            if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi
-@@ -387,6 +390,10 @@
+@@ -391,6 +394,10 @@
            if [ -f .data/db.sql ]; then
              docker compose exec cli mkdir -p .data
              docker compose cp -L .data/db.sql cli:/app/.data/db.sql

diff --git a/...res/handler_process/migration_download_source_url/.github/workflows/build-test-deploy.yml b/...res/handler_process/migration_download_source_url/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -256,6 +256,9 @@
+@@ -260,6 +260,9 @@
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30
 
@@ -8,7 +8,7 @@
        - name: Export DB
          run: |
            if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi
-@@ -387,6 +390,10 @@
+@@ -391,6 +394,10 @@
            if [ -f .data/db.sql ]; then
              docker compose exec cli mkdir -p .data
              docker compose cp -L .data/db.sql cli:/app/.data/db.sql

diff --git a/.../tests/Fixtures/handler_process/migration_enabled/.github/workflows/build-test-deploy.yml b/.../tests/Fixtures/handler_process/migration_enabled/.github/workflows/build-test-deploy.yml
@@ -1,4 +1,4 @@
-@@ -256,6 +256,9 @@
+@@ -260,6 +260,9 @@
            echo "db_hash=${{ hashFiles('.data') }}" >> "$GITHUB_ENV"
          timeout-minutes: 30
 
@@ -8,7 +8,7 @@
        - name: Export DB
          run: |
            if [ ! -f /tmp/download-db-success ]; then echo "==> Database download semaphore file is missing. DB export will not proceed."; exit 0; fi
-@@ -387,6 +390,10 @@
+@@ -391,6 +394,10 @@
            if [ -f .data/db.sql ]; then
              docker compose exec cli mkdir -p .data
              docker compose cp -L .data/db.sql cli:/app/.data/db.sql

diff --git a/.../installer/tests/Fixtures/handler_process/migration_enabled_circleci/.circleci/config.yml b/.../installer/tests/Fixtures/handler_process/migration_enabled_circleci/.circleci/config.yml
@@ -131,6 +131,10 @@ jobs:
           name: Lint Docker Compose files with DCLint
           command: docker run --rm -v "${PWD}":/app zavoloklom/dclint:__VERSION__ . || [ "${VORTEX_CI_DCLINT_IGNORE_FAILURE:-0}" -eq 1 ]
 
+      - run:
+          name: Scan for committed secrets with Gitleaks
+          command: docker run --rm -v "${PWD}":/repo -w /repo ghcr.io/gitleaks/gitleaks:__VERSION__ dir . --no-banner || [ "${VORTEX_CI_GITLEAKS_IGNORE_FAILURE:-0}" -eq 1 ]
+
       - run:
           name: Build stack
           command: docker compose up --no-deps --detach cli