Releases: NHSDigital/eps-workflow-quality-checks
v4.0.5
v4.0.4
v4.0.3
v4.0.2
v4.0.1
Add Secret Scanning
Breaking change. This version adds secret scanning. It does not require any changes to the GitHub Action call, but it will almost certainly produce false-positive matches on strings that look like secrets but aren't.
To ignore flagged patterns, create a .gitallowed file and put the regex patterns to ignore in it, one per line.
This is a reasonably sensible default for patterns that look secret-ish but are okay:
```
token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
github-token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
token: ?"?\$\{\{\s*secrets\.DEPENDABOT_TOKEN\s*\}\}"?
id-token: write
--token=\$\{\{\s*steps\.generate-token\.outputs\.token\s*\}\}
--token=\$GITHUB-TOKEN
--token="\$GITHUB-TOKEN"
"accountId": "123456789012"
accountId: "123456789012"
console\.log\(`access token : \${access_token}`\)
.*CidrBlock.*
.*Gemfile\.lock.*
.*\.gitallowed.*
.*nhsd-rules-deny.txt.*
.*\.venv.*
.*node_modules.*
```
Use this as a jumping-off point, and tweak it for your project.
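To see what a candidate .gitallowed would suppress before committing it, here is an added example (not part of the release or the project's code) that filters a few constructed scanner findings through a subset of the patterns above. It assumes the allow file is applied the way git-secrets applies its allowed patterns: one unanchored extended regex per line, matched against the scanner's `path:line:content` output, which is why path-only entries such as `.*node_modules.*` silence everything under that directory, real-looking keys included.

```python
import re

# A subset of the .gitallowed entries from the release note, copied verbatim.
GITALLOWED = r"""
# comment and blank lines are skipped (assumption, see lead-in)
token: ?"?\$\{\{\s*secrets\.GITHUB_TOKEN\s*\}\}"?
id-token: write
--token=\$GITHUB-TOKEN
.*CidrBlock.*
.*node_modules.*
"""

# Constructed scanner output in path:line:content shape; the values are not real secrets.
FINDINGS = [
    ".github/workflows/ci.yml:14:          token: ${{ secrets.GITHUB_TOKEN }}",
    "infra/network.yml:7:      CidrBlock: 10.0.0.0/16",
    'node_modules/pkg/config.js:3:const apiKey = "CONSTRUCTED-NOT-A-REAL-KEY-1234"',
    'src/settings.py:21:AWS_SECRET_ACCESS_KEY = "CONSTRUCTED-NOT-A-REAL-KEY-5678"',
]


def load_allowed(text):
    """Parse .gitallowed text into compiled regexes, one per non-blank, non-comment line."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            patterns.append(re.compile(line))
    return patterns


def remaining_findings(findings, allowed):
    """Keep only findings that no allow pattern matches anywhere in the line
    (unanchored search, like `grep -E -v -f .gitallowed`)."""
    return [f for f in findings if not any(rx.search(f) for rx in allowed)]


def suppressed_by(finding, allowed):
    """Return the allow pattern that hides a finding, or None. Useful for auditing
    broad entries such as `.*node_modules.*`, which also hide real-looking keys."""
    for rx in allowed:
        if rx.search(finding):
            return rx.pattern
    return None


if __name__ == "__main__":
    allowed = load_allowed(GITALLOWED)
    for f in FINDINGS:
        print(suppressed_by(f, allowed) or "STILL FLAGGED", "<-", f)
```

Only the `src/settings.py` finding survives the filter; the key under `node_modules/` is hidden by the directory-wide entry, so keep such entries narrow enough to review.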
v3.0.0
What's Changed
- Upgrade: [AEA-4506] - Use main branch for SBOM action by @wildjames in #4
Full Changelog: v2...v3.0.0