Skip to content

TruffleHog

TruffleHog #89

Workflow file for this run

name: "TruffleHog"
on:
push:
branches: [ main ]
pull_request:
schedule:
- cron: "0 0 * * *" # Once a day
permissions:
actions: read
contents: read
security-events: write
id-token: write
issues: write
jobs:
ScanSecrets:
name: Scan secrets
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # Ensure full clone for pull request workflows
ref: ${{ github.head_ref }} # Fetch specific branch/commit for pull requests
- name: TruffleHog OSS
id: trufflehog
uses: trufflesecurity/trufflehog@8a8ef8526527dd5f5d731d8e74843c121777b82d #v3.80.2
continue-on-error: true
with:
path: ./ # Scan the entire repository
base: "${{ github.event.repository.default_branch }}" # Set base branch for comparison (pull requests)
extra_args: --filter-entropy=4 --results=verified,unknown --debug
- name: Scan Results Status
if: steps.trufflehog.outcome == 'failure'
run: exit 1 # Set workflow run to failure if TruffleHog finds secrets