Spaces:
Running
Running
feat(ci): add trufflehog secrets detection (#1259)
Browse files* feat(ci): add trufflehog secrets detection
* linting
---------
Co-authored-by: Nathan Sarrazin <[email protected]>
.github/workflows/trufflehog.yml
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
on:
|
| 2 |
+
push:
|
| 3 |
+
|
| 4 |
+
name: Secret Leaks
|
| 5 |
+
|
| 6 |
+
permissions:
|
| 7 |
+
contents: read
|
| 8 |
+
id-token: write
|
| 9 |
+
issues: write
|
| 10 |
+
pull-requests: write
|
| 11 |
+
|
| 12 |
+
jobs:
|
| 13 |
+
trufflehog:
|
| 14 |
+
runs-on: ubuntu-latest
|
| 15 |
+
steps:
|
| 16 |
+
- name: Checkout code
|
| 17 |
+
uses: actions/checkout@v4
|
| 18 |
+
with:
|
| 19 |
+
fetch-depth: 0
|
| 20 |
+
- name: Secret Scanning
|
| 21 |
+
uses: trufflesecurity/trufflehog@main
|