-
Notifications
You must be signed in to change notification settings - Fork 7
48 lines (40 loc) · 1.06 KB
/
scan_secrets.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#SPDX-License-Identifier: MIT
#Copyright (c) "2023" . The DeepCausality Authors. All Rights Reserved.
# TruffleHog is an open-source SAST (static application security testing) tool
# for detecting secrets in various sources
# https://github.com/trufflesecurity/trufflehog
# https://github.com/marketplace/actions/trufflehog-oss
name: Secret Scan
on:
push:
branches:
- main
pull_request:
permissions:
contents: read
id-token: write
issues: write
pull-requests: write
jobs:
TruffleHog:
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: TruffleHog OSS
id: trufflehog
uses: trufflesecurity/trufflehog@main
continue-on-error: true
with:
path: ./
base: "${{ github.event.repository.default_branch }}"
head: HEAD
extra_args: --debug
- name: Scan Results Status
if: steps.trufflehog.outcome == 'failure'
run: exit 1