# Secret-scanning workflow: runs TruffleHog over the checked-out repository.
name: "Trufflehog: check for exposed secrets"

on:
  # Manual runs from the Actions tab.
  workflow_dispatch:
  # Every pull request starts a scan; no path filter is applied here.
  pull_request:
  # A direct push starts a scan only when a changed file matches one of the
  # globs below. A push that touches none of them (for example a `.yml` file
  # other than this workflow, or a dotenv/JSON file) does not trigger a run.
  push:
    paths:
      - "**.nix"
      - ".github/workflows/check-leaks.yml"
      - "**.yaml"
      - "**.md"

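# Least privilege for GITHUB_TOKEN. The steps in this file check out the
# repository, scan the local working tree and exit non-zero on a finding;
# none of them requests an OIDC token or writes to issues or pull requests,
# so the former `id-token: write`, `issues: write` and `pull-requests: write`
# grants are dropped. If a later step needs one of those scopes, grant it at
# job level rather than workflow-wide.
permissions:
  contents: read
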
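jobs:
  # NOTE(review): the job id `deadnix` looks like a leftover from another
  # workflow; it is kept unchanged so anything that refers to this id keeps
  # working. The display name below is what shows up in the checks list.
  deadnix:
    name: Run trufflehog
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@main` is a mutable ref, so the code executed here can
      # change without any change to this file. Pin to a full commit SHA
      # (`actions/checkout@<FULL_COMMIT_SHA>`, placeholder) and let a
      # dependency bot propose updates.
      - uses: actions/checkout@main
        with:
          # Full history instead of a shallow clone; the scan below compares
          # against `base`, which presumably needs those commits present.
          fetch-depth: 0
          # Do not leave the workflow token in .git/config: the following
          # step runs third-party code over this working tree and only needs
          # the files already fetched.
          persist-credentials: false

      # NOTE(review): same mutable-ref concern as above; pin
      # `trufflesecurity/trufflehog@<FULL_COMMIT_SHA>` (placeholder).
      - id: trufflehog
        name: TruffleHog scan
        uses: trufflesecurity/trufflehog@main
        # Let the job continue so the final step can turn the scan outcome
        # into the job result.
        continue-on-error: true
        with:
          path: ./
          # NOTE(review): on a push to the default branch, `base` names the
          # branch that was just pushed; confirm the action still scans the
          # new commits in that case.
          base: "${{ github.event.repository.default_branch }}"
          # `--only-verified` reports only credentials TruffleHog could
          # confirm as live; unverified matches are not surfaced. `--debug`
          # makes the log verbose; review who can read workflow logs.
          extra_args: --debug --only-verified

      # `outcome` is the step result before continue-on-error is applied, so
      # a failed scan still fails the job here.
      - name: Scan Results Status
        if: steps.trufflehog.outcome == 'failure'
        run: exit 1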