From 091682fbea49176778fdab0a103731a4159a3f84 Mon Sep 17 00:00:00 2001
From: Teoh Suh Haw
Date: Thu, 5 Mar 2026 11:09:19 +0800
Subject: [PATCH 1/3] Update gitleaks report to sarif format
Signed-off-by: Teoh Suh Haw
---
 .github/workflows/gitleak-scan.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/gitleak-scan.yml b/.github/workflows/gitleak-scan.yml
index c7f5e3dc..35d3084a 100644
--- a/.github/workflows/gitleak-scan.yml
+++ b/.github/workflows/gitleak-scan.yml
@@ -4,6 +4,8 @@ on: [pull_request, push, workflow_dispatch]
 permissions:
 contents: read
 pull-requests: read
+ security-events: write
+ actions: read
 jobs:
 gitleaks:
@@ -17,6 +19,6 @@ jobs:
 with:
 scan-scope: "all"
 source: "./"
- config_path: "./ci/gitleaks_baselines/os-image-composer-gitleaks.csv"
- report_format: "csv"
+ config_path: "./ci/gitleaks_baselines/os-image-composer-gitleaks.sarif"
+ report_format: "sarif"
 redact: "true"
\ No newline at end of file
From 37ab247c1dca535db667474c1733b2d518bd8b73 Mon Sep 17 00:00:00 2001
From: elvin03
Date: Thu, 5 Mar 2026 11:26:26 +0800
Subject: [PATCH 2/3] Update .github/workflows/gitleak-scan.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/gitleak-scan.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/gitleak-scan.yml b/.github/workflows/gitleak-scan.yml
index 35d3084a..3246e83d 100644
--- a/.github/workflows/gitleak-scan.yml
+++ b/.github/workflows/gitleak-scan.yml
@@ -5,7 +5,6 @@ permissions:
 contents: read
 pull-requests: read
 security-events: write
- actions: read
 jobs:
 gitleaks:
From 6d6e000f243c4812915b476671986e80eb995d01 Mon Sep 17 00:00:00 2001
From: Teoh Suh Haw
Date: Thu, 5 Mar 2026 11:24:41 +0800
Subject: [PATCH 3/3] Revert copilot commit
Signed-off-by: Teoh Suh Haw
---
 .github/workflows/gitleak-scan.yml | 1 +
 1 file changed, 1 insertion(+)
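Review bot: The two scopes added in the first hunk of PATCH 1/3 sit in the workflow-level `permissions:` block, so every job in this file receives `security-events: write` on `pull_request`, `push` and `workflow_dispatch` runs alike. Only the `gitleaks` job is visible and the rest of `jobs:` lies outside the hunk; if other jobs exist, a `permissions:` mapping under `gitleaks:` would keep the write scope on the one job that publishes results. By default the token issued for pull requests from forks is read-only whatever this block says, so a SARIF upload on those runs would be refused. A comment next to the scope, such as `# SARIF upload; not available on fork PRs (read-only token)`, would document that. PATCH 3/3 re-adds `actions: read` at the same workflow-level scope.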
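Review bot: In the second hunk of PATCH 1/3, `config_path` now points at `./ci/gitleaks_baselines/os-image-composer-gitleaks.sarif`, but the diffstat lists only the workflow file, so this patch does not add that baseline. Unless the file is already in the tree, the step references a path that does not exist. How the action reacts to that is not visible here, since its `uses:` line is above the hunk. Separately, nothing follows `redact: "true"`, which is the last line of the file, so no step in this workflow uploads the report. The new `security-events: write` scope is therefore justified only if the action publishes the SARIF itself, which is worth confirming and recording in a comment beside the permission.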
diff --git a/.github/workflows/gitleak-scan.yml b/.github/workflows/gitleak-scan.yml
index 3246e83d..35d3084a 100644
--- a/.github/workflows/gitleak-scan.yml
+++ b/.github/workflows/gitleak-scan.yml
@@ -5,6 +5,7 @@ permissions:
 contents: read
 pull-requests: read
 security-events: write
+ actions: read
 jobs:
 gitleaks:
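Review bot: `actions: read` returns here with no reason recorded, one patch after PATCH 2/3 removed it, so the next cleanup pass is likely to drop it again. A trailing comment on the line would settle the question, for example `actions: read  # required by the SARIF upload to read the workflow run status`. That wording assumes this is the actual reason, which the series does not show because no upload step is visible. The `permissions:` key that owns this line sits just above the hunk.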