From 824885b7bd74e35e6d79438d9197ce2fd94a1614 Mon Sep 17 00:00:00 2001
From: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
Date: Thu, 17 Apr 2025 15:37:31 -0600
Subject: [PATCH] Add second destination for secret-scan output

---
 .github/workflows/secret-scan.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
index 9675d92..8d2918b 100644
--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -61,7 +61,7 @@ jobs:
 else
 trufflehog git file://. --only-verified --github-actions --fail --exclude-detectors="datadogtoken"
 fi
- - name: Send Alert to Panther
+ - name: Send Alert to SIEM
 id: alert
 run: |
 if [[ -n "${{vars.SECRET_SCAN_PANTHER_WEBHOOK_URL}}" ]]; then
@@ -69,6 +69,10 @@ jobs:
 --header "Authorization: Bearer ${{ secrets.SECRET_SCAN_PANTHER_WEBHOOK_HEADER }}" \
 --data '{"event":"github_secret_scanning", "status":"${{steps.scan.outcome}}", "createdAt":"${{ github.event.pull_request.created_at }}", "repo":"${{ github.repository }}","pull_request":"https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}","actor":"${{ github.event.pull_request.user.login }}"}'
 fi
+ if [[ -n "${{vars.SECRET_SCAN_SIEM_WEBHOOK_URL}}" ]]; then
+ curl "${{vars.SECRET_SCAN_SIEM_WEBHOOK_URL}}" \
+ --data '{"event":"github_secret_scanning", "status":"${{steps.scan.outcome}}", "createdAt":"${{ github.event.pull_request.created_at }}", "repo":"${{ github.repository }}","pull_request":"https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}","actor":"${{ github.event.pull_request.user.login }}"}'
+ fi
 - name: Fail workflow if secret detected
 if: steps.scan.outcome != 'success'
 run: exit 1
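Review bot: The new SIEM branch in the second hunk calls `curl` without `--fail`, so a 4xx/5xx from the webhook still exits 0 and a lost alert goes unnoticed; the Panther branch appears to share this gap, but the new call can at least be written as `curl --fail --silent --show-error "${{vars.SECRET_SCAN_SIEM_WEBHOOK_URL}}" \`. Unlike the Panther call, this one sends no Authorization header and no Content-Type, so unless the SIEM URL itself embeds a token the receiving side has no way to tell genuine scan results from a forged post by anyone who learns the URL — if the SIEM supports a header, supply it from `secrets.` as the Panther branch does, and `--header "Content-Type: application/json" \` is probably needed for the JSON body (the first line of the Panther curl command lies outside the hunk, so its headers cannot be fully compared). The JSON payload is now duplicated verbatim in both branches; assigning it once to a shell variable such as `payload='{...}'` before the two `if` blocks would keep the two destinations from drifting apart. Both branches also expand `${{ github.event.pull_request.user.login }}` and `created_at` directly into the `run:` script; GitHub's hardening guidance is to pass event fields through `env:` and reference them as shell variables, which is worth doing while this step is being touched. The alert step's `run:` block begins in the first hunk and its `if:` condition is not visible in either hunk.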