GitHub Action

TruffleHog Enterprise

v1.1.0 Latest version

Scan GitHub Actions with TruffleHog Enterprise

Installation

Copy and paste the following snippet into your .yml file.

              

- name: TruffleHog Enterprise
  uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@v1.1.0

Learn more about this action in trufflesecurity/TruffleHog-Enterprise-Github-Action

TruffleHog Enterprise GitHub Action

Find exposed credentials in your CI using TruffleHog Enterprise.

Important

This action is deprecated. Please instead use the open-source tool to scan as a GitHub action.

Usage

Add a new job to your GitHub workflow using the trufflesecurity/TruffleHog-Enterprise-Github-Action action.

name: TruffleHog Enterprise scan

on: [push, pull_request]

jobs:
  scanning:
    name: TruffleHog Enterprise scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0 # fetch all history so multiple commits can be scanned
      - name: TruffleHog Enterprise scan
        uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main
        with:
          args: --fail-verified ${{ github.event.repository.default_branch }} HEAD

Be sure to set the repository or organization secrets on GitHub with the variables that are referenced above.

Extra scanner options

The following options can be added to the action by adding them to the args list.

Flags:
      --help                  Show context-sensitive help (also try --help-long and --help-man).
  -v, --debug                 Enable debug mode.
      --trace                 Enable tracing of code line numbers.
      --json                  Enable JSON output.
      --send-error-telemetry  Turns error telemetry off.
      --fail-verified         Only emit failure code for verified findings.
      --quiet                 Only show results.
      --config=CONFIG         Path to configuration file. You can also specify Google Secrets Manager secrets with
                              'gsm://<project_id>/<secret_name>'.

Args:
  <base>       Start scanning from here (usually main branch).
  <head>       Scan commits until here (usually dev branch).
  [<workdir>]  Optional path to the repo to scan.
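
To act on the deprecation notice near the top of this page, the following added example (not part of the action or its README) inventories workflow steps that still reference this action and records the ref each one uses. The function name, the finding fields and the sample workflow text are assumptions made for illustration.

```python
import re

# Action named on this page. GitHub resolves owner/repo names without regard
# to case, so the comparison below is case-insensitive.
DEPRECATED = "trufflesecurity/TruffleHog-Enterprise-Github-Action"
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?(?P<action>[^@\s"'#]+)(?:@(?P<ref>[^\s"'#]+))?""")
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def find_deprecated_uses(workflow_text, path="<workflow>"):
    """Return one finding per step that uses the deprecated action."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out steps do not run
        m = USES_RE.match(line)
        if not m or m.group("action").lower() != DEPRECATED.lower():
            continue
        ref = m.group("ref") or ""
        findings.append({
            "path": path,
            "line": lineno,
            "ref": ref,
            # A 40-hex ref is a commit SHA; tags and branches can be moved.
            "pinned_to_sha": bool(SHA_RE.match(ref)),
        })
    return findings


# Constructed sample input, based on the two snippets shown on this page.
SAMPLE = """\
jobs:
  scanning:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: TruffleHog Enterprise scan
        uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main
      - uses: "TruffleSecurity/trufflehog-enterprise-github-action@v1.1.0"
      # - uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@old
"""

if __name__ == "__main__":
    for f in find_deprecated_uses(SAMPLE, ".github/workflows/scan.yml"):
        print(f"{f['path']}:{f['line']}: deprecated action @{f['ref']}")
```

To cover a repository, call the function once per file under `.github/workflows/` and pass the file's path as the second argument.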