---
# Secret-scanning workflow: runs gitleaks on every pull request and on pushes
# to the listed branches.
name: gitleaks

on:
  pull_request: {}
  push:
    branches:
      - master
      - v3.dev

# Workflow-wide default for GITHUB_TOKEN: read access on every scope, no writes.
# NOTE(review): this could be narrowed to the individual scopes the scan needs
# once those are confirmed against gitleaks-action.
permissions: read-all

env:
  # Outbound allow-list consumed by the Harden Runner step below. The folded
  # scalar joins the entries into a single space-separated string.
  ALLOWED_ENDPOINTS: >
    api.github.com:443
    github.com:443
    objects.githubusercontent.com:443

jobs:
  scan:
    name: gitleaks
    runs-on: ubuntu-latest
    steps:
      # First step, so the egress policy is in place before anything else runs.
      # Each third-party action is pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA is meant to correspond to.
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f  # v2.10.2
        with:
          disable-sudo: true
          # block (rather than audit): traffic to hosts outside the allow-list
          # is refused, not just logged.
          egress-policy: block
          allowed-endpoints: ${{ env.ALLOWED_ENDPOINTS }}

      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # 0 = fetch the complete history instead of only the tip commit, so
          # the scan can cover earlier commits as well.
          fetch-depth: 0
          # NOTE(review): persist-credentials is left at its default, which keeps
          # the token in the local git config for later steps; consider setting
          # it to false if no later step needs authenticated git (confirm first).

      - name: Run gitleaks
        uses: gitleaks/gitleaks-action@83373cf2f8c4db6e24b41c1a9b086bb9619e9cd3  # v2.3.7
        env:
          # The job token is handed to the action through its environment; what
          # it can do is bounded by the workflow-level permissions above.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}