Trying Phylum once more. #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #SPDX-License-Identifier: MIT | |
| #Copyright (c) "2023" . The DeepCausality Authors. All Rights Reserved. | |
| # TruffleHog is an open-source SAST (static application security testing) tool | |
| # for detecting secrets in various sources | |
| # https://github.com/trufflesecurity/trufflehog | |
| # https://github.com/marketplace/actions/trufflehog-oss | |
| name: Secret Scan | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| TruffleHog: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: TruffleHog OSS | |
| id: trufflehog | |
| uses: trufflesecurity/trufflehog@main | |
| continue-on-error: true | |
| with: | |
| path: ./ | |
| base: "${{ github.event.repository.default_branch }}" | |
| head: HEAD | |
| extra_args: --debug | |
| - name: Scan Results Status | |
| if: steps.trufflehog.outcome == 'failure' | |
| run: exit 1 |