Skip to content

Secret scanning

Secret scanning #117

Workflow file for this run

name: Secret scanning
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
schedule:
- cron: "17 6 * * 1"
permissions:
contents: read
concurrency:
group: secret-scanning-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
gitleaks:
name: Gitleaks
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Scan Git history
uses: docker://zricethezav/gitleaks:v8.30.1
with:
args: detect --source . --redact --verbose
trufflehog:
name: TruffleHog
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
persist-credentials: false
- name: Scan changed commits
uses: trufflesecurity/trufflehog@00155c9dc586f34d189adc83d3ac2698c2ec551f # v3.95.8
with:
path: ./
version: 3.95.8
extra_args: --results=verified,unknown