NHSDigital · anthony-nhs · Apr 21, 2026 · Apr 22, 2026 · Apr 22, 2026
diff --git a/src/base/.devcontainer/Mk/check.mk b/src/base/.devcontainer/Mk/check.mk
@@ -84,11 +84,7 @@ actionlint:
 	actionlint
 
 secret-scan:
-	@if [ -f .gitallowed ]; then \
-		git-secrets --scan-history .; \
-	else \
-		gitleaks -v --redact git; \
-	fi
+	gitleaks -v --redact git
 
 guard-%:
 	@ if [ "${${*}}" = "" ]; then \

diff --git a/src/base/.devcontainer/scripts/root_install.sh b/src/base/.devcontainer/scripts/root_install.sh
@@ -45,17 +45,6 @@ VERSION="${DIRENV_VERSION}" "${SCRIPTS_DIR}/${CONTAINER_NAME}/install_direnv.sh"
 # install yq
 VERSION="${YQ_VERSION}" "${SCRIPTS_DIR}/${CONTAINER_NAME}/install_yq.sh"
 
-# install gitsecrets
-# this should be removed once we have migrated all repos to gitleaks
-git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets
-cd /tmp/git-secrets
-make install
-cd
-rm -rf /tmp/git-secrets
-mkdir -p /usr/share/secrets-scanner
-chmod 755 /usr/share/secrets-scanner
-curl -L https://raw.githubusercontent.com/NHSDigital/software-engineering-quality-framework/main/tools/nhsd-git-secrets/nhsd-rules-deny.txt -o /usr/share/secrets-scanner/nhsd-rules-deny.txt
-
 # get cfn-guard ruleset
 tmp_dir="$(mktemp -d)"
 trap 'rm -rf "${tmp_dir}"' EXIT