-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
chore truffle hog workflow update
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
################################################################################# | ||
# Copyright (c) 2024 T-Systems International GmbH | ||
# Copyright (c) 2024 Contributors to the Eclipse Foundation | ||
# | ||
# See the NOTICE file(s) distributed with this work for additional | ||
# information regarding copyright ownership. | ||
# | ||
# This program and the accompanying materials are made available under the | ||
# terms of the Apache License, Version 2.0 which is available at | ||
# https://www.apache.org/licenses/LICENSE-2.0. | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations | ||
# under the License. | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
################################################################################ | ||
name: "TruffleHog" | ||
|
||
on: | ||
push: | ||
branches: ["main"] | ||
pull_request: | ||
# The branches below must be a subset of the branches above | ||
branches: ["main"] | ||
schedule: | ||
- cron: "0 0 * * *" # Once a day | ||
workflow_dispatch: | ||
|
||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
id-token: write | ||
issues: write | ||
|
||
jobs: | ||
ScanSecrets: | ||
name: Scan secrets | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout Repository | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 # Ensure full clone for pull request workflows | ||
|
||
- name: TruffleHog OSS | ||
id: trufflehog | ||
uses: trufflesecurity/trufflehog@main | ||
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
Check warning on line 51 in .github/workflows/truffleHog.yml GitHub Actions / Analyze[LOW] Unpinned Actions Full Length Commit SHA
|
||
continue-on-error: true | ||
with: | ||
path: ./ # Scan the entire repository | ||
base: "${{ github.event.repository.default_branch }}" # Set base branch for comparison (pull requests) | ||
extra_args: --filter-entropy=4 --results=verified,unknown --debug | ||
|
||
- name: Scan Results Status | ||
if: steps.trufflehog.outcome == 'failure' | ||
run: exit 1 # Set workflow run to failure if TruffleHog finds secrets |