From 750df06df8e661e3d425147fc3d7b7d1c1a8af9a Mon Sep 17 00:00:00 2001 From: Maksym Date: Mon, 20 Feb 2023 18:40:34 +0200 Subject: [PATCH] chore(security): add workflow for leaked secrets monitoring --- .github/workflows/secrets_scanner.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/secrets_scanner.yaml diff --git a/.github/workflows/secrets_scanner.yaml b/.github/workflows/secrets_scanner.yaml new file mode 100644 index 0000000..54054cf --- /dev/null +++ b/.github/workflows/secrets_scanner.yaml @@ -0,0 +1,17 @@ +name: Leaked Secrets Scan +on: [pull_request] +jobs: + TruffleHog: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 + with: + fetch-depth: 0 + - name: TruffleHog OSS + uses: trufflesecurity/trufflehog@0c66d30c1f4075cee1aada2e1ab46dabb1b0071a + with: + path: ./ + base: ${{ github.event.repository.default_branch }} + head: HEAD + extra_args: --debug --only-verified