This repository has been archived by the owner on Jul 2, 2024. It is now read-only.
action-secret-scanning

Perform Secret Scanning on Pull Requests

This action uses the TruffleHog OSS secret scanner to scan the changes in a pull request for leaked credentials.

Usage

```yaml
- uses: getsentry/action-secret-scanning@v1
  id: call_trufflehog
```

Any secrets detected are highlighted in the changed files of the pull request, as in the following screenshot.

[screenshot: Example]

If you want the scan result commented on the PR, you can do:

```yaml
- uses: getsentry/action-secret-scanning@v1
  id: call_trufflehog
  continue-on-error: true
- uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc
  if: steps.call_trufflehog.outcome != 'success'
  with:
    message: |
      🚨🚨🚨 Secret found 🚨🚨🚨
      Please review your commit
- name: Fail workflow if secret detected
  if: steps.call_trufflehog.outcome != 'success'
  run: exit 1
```
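The two snippets above are fragments of a job. The following is a complete workflow file that wires them together; it is an added example, not part of this repository's README. The trigger, the `permissions` block and the `actions/checkout` step are assumptions: `pull-requests: write` is what a step that posts a PR comment through the GitHub API needs, `contents: read` is the minimum for reading the repository, and the checkout with full history assumes the scanner wants the repository contents and git history available on the runner.

```yaml
# .github/workflows/secret-scan.yml (example file name, assumed)
name: Secret scanning

on:
  pull_request:

# Least privilege for the default GITHUB_TOKEN (assumed requirements, see lead-in).
permissions:
  contents: read        # read the repository in order to scan it
  pull-requests: write  # post the "secret found" comment on the PR

jobs:
  secret-scan:
    runs-on: ubuntu-latest
    steps:
      # Assumption: the scanner needs the repository contents and history on the runner.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Run the scan but do not stop the job yet, so the comment step still runs.
      - uses: getsentry/action-secret-scanning@v1
        id: call_trufflehog
        continue-on-error: true

      # Comment on the PR only when the scan step did not succeed.
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc
        if: steps.call_trufflehog.outcome != 'success'
        with:
          message: |
            🚨🚨🚨 Secret found 🚨🚨🚨
            Please review your commit

      # Now fail the job so the PR shows a red check.
      - name: Fail workflow if secret detected
        if: steps.call_trufflehog.outcome != 'success'
        run: exit 1
```

The conditions test `outcome`, not `conclusion`, on purpose: with `continue-on-error: true` a failing scan step reports `outcome: failure` while its `conclusion` is forced to `success`, so only `outcome` tells you the scanner actually found something. The comment action is pinned to a full commit SHA, as in the README, which is the pinning style worth applying to every third-party action in a workflow that handles secret findings.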

Benefits

This action pulls the latest TruffleHog OSS release from https://api.github.com/repos/trufflesecurity/trufflehog/releases/latest and uses Cosign to verify the checksum of the downloaded release before running it. The action runs directly on the GitHub Actions runner, not inside Docker or any other container.