Use the latest version of Trufflehog, and use the checkout provided by the GitHub Action checkout step

Dockerfile

@@ -11,11 +11,11 @@ LABEL "com.github.actions.description"="Scan repository for secrets with basic t
 LABEL "com.github.actions.icon"="shield"
 LABEL "com.github.actions.color"="yellow"
 
-RUN pip install gitdb2==3.0.0 truffleHog==2.0.99
+RUN pip install gitdb2==3.0.0 truffleHog
 RUN apk --update add git less openssh && \
   rm -rf /var/lib/apt/lists/* && \
   rm /var/cache/apk/*
 
 ADD entrypoint.sh  /entrypoint.sh
 
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -55,20 +55,6 @@ steps:
 
 *if custom options argument string is used, it will overwrite default settings
 
-### Private GitHub Repository
-
-Pass a GitHub access token to action to clone from a private GitHub repository.
-You can't use the default `GITHUB_TOKEN` as it doesn't have the permission to clone the repository.
-
-```yaml
-steps:
-- uses: actions/checkout@master
-- name: trufflehog-actions-scan
-  uses: nasa-gibs/trufflehog-actions-scan@master
-  with:
-    githubToken: ${{ secrets.GITHUB_CLONE_TOKEN }} # You have to create an access token manually
-
-```
 
 ----
 

action.yml

@@ -5,9 +5,6 @@ runs:
   using: 'docker'
   image: 'Dockerfile'
 inputs:
-  githubToken:
-    description: 'GitHub Token to access a private repository.'
-    required: false
   scanArguments:
     description: 'Argument options for scan.'
     required: false

entrypoint.sh

@@ -7,10 +7,6 @@ if [ -n "${INPUT_SCANARGUMENTS}" ]; then
   args="${INPUT_SCANARGUMENTS}" # Overwrite if new options string is provided
 fi
 
-if [ -n "${INPUT_GITHUBTOKEN}" ]; then
-  githubRepo="https://[email protected]/$GITHUB_REPOSITORY" # Overwrite for private repository if token provided
-else
-  githubRepo="https://github.com/$GITHUB_REPOSITORY" # Default target repository
-fi
+git config --global --add safe.directory /github/workspace/.git
 
-trufflehog $args $githubRepo
+trufflehog file:///github/workspace $args