diff --git a/.families.yaml b/.families.yaml
index 489f7aee6..9068bc918 100644
--- a/.families.yaml
+++ b/.families.yaml
@@ -97,6 +97,7 @@ secrets:
 scanners_config:
 gitleaks:
 binary_path: "/usr/local/bin/gitleaks"
+ report_format: "json"
 exploits:
 enabled: false
diff --git a/cli/state/testdata/effective-config.json b/cli/state/testdata/effective-config.json
index 89df2bacb..98e5fe2ea 100644
--- a/cli/state/testdata/effective-config.json
+++ b/cli/state/testdata/effective-config.json
@@ -75,7 +75,8 @@
 "inputs": null,
 "scanners_config": {
 "gitleaks": {
- "binary_path": ""
+ "binary_path": "",
+ "report_format": ""
 }
 }
 },
diff --git a/scanner/families/secrets/gitleaks/config/config.go b/scanner/families/secrets/gitleaks/config/config.go
index b25ee1642..925b0fc41 100644
--- a/scanner/families/secrets/gitleaks/config/config.go
+++ b/scanner/families/secrets/gitleaks/config/config.go
@@ -16,11 +16,20 @@
 package config
 const (
- DefaultGitleaksBinary = "gitleaks"
+ defaultGitleaksBinary = "gitleaks"
+ defaultReportFormat = "json"
 )
+var allowedFormats = map[string]bool{
+ "json": true,
+ "csv": true,
+ "junit": true,
+ "sarif": true,
+}
+
 type Config struct {
- BinaryPath string `yaml:"binary_path" mapstructure:"binary_path" json:"binary_path"`
+ BinaryPath string `yaml:"binary_path" mapstructure:"binary_path" json:"binary_path"`
+ ReportFormat string `yaml:"report_format" mapstructure:"report_format" json:"report_format"`
 }
 func (c *Config) GetBinaryPath() string {
@@ -28,5 +37,13 @@ func (c *Config) GetBinaryPath() string {
 return c.BinaryPath
 }
- return DefaultGitleaksBinary
+ return defaultGitleaksBinary
+}
+
+func (c *Config) GetReportFormat() string {
+ if c.ReportFormat != "" && allowedFormats[c.ReportFormat] {
+ return c.ReportFormat
+ }
+
+ return defaultReportFormat
 }
diff --git a/scanner/families/secrets/gitleaks/gitleaks.go b/scanner/families/secrets/gitleaks/gitleaks.go
index 90809f466..fbbf3dbe9 100644
--- a/scanner/families/secrets/gitleaks/gitleaks.go
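Review bot: Renaming the exported `DefaultGitleaksBinary` to the unexported `defaultGitleaksBinary` in the `const` block is a breaking change for any package that imported the constant; the hunk does not show whether such callers exist, so grep for it before merging or keep a one-release alias `const DefaultGitleaksBinary = defaultGitleaksBinary`. The new `allowedFormats` set stores `bool` values that are never read as booleans; `map[string]struct{}`, or a `switch` on the four constant keys inside the getter, is the idiomatic set and says what the map is for. The exported `ReportFormat` field also lacks a doc comment, e.g. `// ReportFormat selects the gitleaks -f output format; values outside allowedFormats fall back to defaultReportFormat.`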
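Review bot: `GetReportFormat` silently substitutes `json` for any value that is not in `allowedFormats`, so a typo or a case difference in `report_format` (`JSON`, `Sarif`) is never surfaced and the operator gets a report in a format they did not ask for. A misconfiguration should be rejected when the config is loaded, or at minimum the lookup should normalize first: `format := strings.ToLower(strings.TrimSpace(c.ReportFormat))` followed by `if allowedFormats[format] { return format }` (this file's imports are outside the hunk, so `strings` may need adding). The `c.ReportFormat != ""` guard is redundant, since the empty key is not in the map and the lookup alone yields `false`. As an exported method it should also carry a doc comment, e.g. `// GetReportFormat returns the configured gitleaks report format, or json when unset or not allowlisted.`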
+++ b/scanner/families/secrets/gitleaks/gitleaks.go
@@ -65,6 +65,7 @@ func (a *Scanner) Scan(ctx context.Context, sourceType common.InputType, userInp
 _ = os.Remove(file.Name())
 }()
 reportPath := file.Name()
+ reportFormat := a.config.GetReportFormat()
 fsPath, cleanup, err := familiesutils.ConvertInputToFilesystem(ctx, sourceType, userInput)
 if err != nil {
@@ -72,7 +73,7 @@ func (a *Scanner) Scan(ctx context.Context, sourceType common.InputType, userInp
 }
 defer cleanup()
- // gitleaks detect --source --no-git -r -f json --exit-code 0 --max-target-megabytes 50
+ // gitleaks detect --source --no-git -r -f --exit-code 0 --max-target-megabytes 50
 // nolint:gosec
 args := []string{
 "detect",
@@ -82,7 +83,7 @@ func (a *Scanner) Scan(ctx context.Context, sourceType common.InputType, userInp
 "-r",
 reportPath,
 "-f",
- "json",
+ reportFormat,
 "--exit-code",
 "0",
 "--max-target-megabytes",
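Review bot: Passing the configured `reportFormat` to `-f` changes what gitleaks writes to `reportPath`, but the code that reads that report back after the process exits is outside the hunk and, given the previously hardcoded `json`, presumably unmarshals gitleaks' JSON findings array; with `csv`, `junit` or `sarif` configured that parse would fail or yield zero findings, which in a secrets scanner is a silent miss rather than a visible error. Either keep the internal report pinned to `json` and apply `report_format` only to user-facing output, or make the read-back step branch on the format, and confirm against the parsing code before merging. The `// nolint:gosec` now also covers a config-derived argument, and the allowlist in `config.GetReportFormat` is the only thing keeping that argument safe, so that dependency should be recorded next to it: `// reportFormat is allowlisted in config.GetReportFormat; never pass raw config values to exec`. The `Scan` method begins and ends outside this hunk.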