From 4823c161c68400a1250d43b1207a3f748091aa7b Mon Sep 17 00:00:00 2001
From: Manish Kumar
Date: Thu, 13 Jun 2024 14:39:01 +0530
Subject: [PATCH 1/3] adding new workflow for scanning secrets in commit
---
 .github/workflows/ScanSecrets.yaml | 18 ++++++++++++++++++
 .script/SecretScanning/Excludepathlist | 2 ++
 2 files changed, 20 insertions(+)
 create mode 100644 .github/workflows/ScanSecrets.yaml
 create mode 100644 .script/SecretScanning/Excludepathlist
diff --git a/.github/workflows/ScanSecrets.yaml b/.github/workflows/ScanSecrets.yaml
new file mode 100644
index 00000000000..28ad3045492
--- /dev/null
+++ b/.github/workflows/ScanSecrets.yaml
@@ -0,0 +1,18 @@
+name: Scanning for secrets in commits
+on:
+ pull_request:
+ branches:
+ - master
+jobs:
+ Scan_Secrets_in_commit:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Secret Scanning
+ uses: trufflesecurity/trufflehog@main
+ continue-on-error: true
+ with:
+ extra_args: --exclude-paths=.script/SecretScannning/Excludepathlist --no-verification
\ No newline at end of file
diff --git a/.script/SecretScanning/Excludepathlist b/.script/SecretScanning/Excludepathlist
new file mode 100644
index 00000000000..fe9dfe24440
--- /dev/null
+++ b/.script/SecretScanning/Excludepathlist
@@ -0,0 +1,2 @@
+path_ofthe_file_toskip_from_scanning
+
From af4439a06c1636c974e10739f4ff8e5419d3afa7 Mon Sep 17 00:00:00 2001
From: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com>
Date: Thu, 13 Jun 2024 14:43:23 +0530
Subject: [PATCH 2/3] Update ScanSecrets.yaml
---
 .github/workflows/ScanSecrets.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ScanSecrets.yaml b/.github/workflows/ScanSecrets.yaml
index 28ad3045492..3746733d671 100644
--- a/.github/workflows/ScanSecrets.yaml
+++ b/.github/workflows/ScanSecrets.yaml
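Review bot: The `Secret Scanning` step in the new ScanSecrets.yaml references `trufflesecurity/trufflehog@main`, a mutable branch, so whatever is on that branch upstream at run time executes in this job with its token and the full history fetched by `fetch-depth: 0`. Pin it to a reviewed full commit SHA, `uses: trufflesecurity/trufflehog@<full-commit-sha>  # <release tag>`, and bump it deliberately. The workflow also has no `permissions:` key, so the job inherits the repository's default token scope; a top-level `permissions:` with `contents: read` should be enough for a scan. The `uses:` line is unchanged in patches 2/3 and 3/3.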
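Review bot: Excludepathlist is read from the pull request's own checkout, so an edit to this file changes what the same run scans; the file would benefit from a required-reviewer rule (for example a CODEOWNERS entry for `.script/SecretScanning/`). TruffleHog treats each line of an `--exclude-paths` file as a regular expression, so real entries should be anchored, e.g. `^path/to/file$`, rather than left as loose substrings. It is also worth confirming that the empty second line added here is ignored and not compiled as an empty pattern, since an empty pattern would match every path.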
@@ -13,6 +13,6 @@ jobs:
 fetch-depth: 0
 - name: Secret Scanning
 uses: trufflesecurity/trufflehog@main
- continue-on-error: true
+ continue-on-error: true
 with:
- extra_args: --exclude-paths=.script/SecretScannning/Excludepathlist --no-verification
\ No newline at end of file
+ extra_args: --exclude-paths=.script/SecretScannning/Excludepathlist --no-verification
From 7c4a0294a6d01798b4dbd156f71d040872a30bff Mon Sep 17 00:00:00 2001
From: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com>
Date: Fri, 12 Jul 2024 16:04:15 +0530
Subject: [PATCH 3/3] Update ScanSecrets.yaml
---
 .github/workflows/ScanSecrets.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ScanSecrets.yaml b/.github/workflows/ScanSecrets.yaml
index 3746733d671..855ec23cde4 100644
--- a/.github/workflows/ScanSecrets.yaml
+++ b/.github/workflows/ScanSecrets.yaml
@@ -15,4 +15,4 @@ jobs:
 uses: trufflesecurity/trufflehog@main
 continue-on-error: true
 with:
- extra_args: --exclude-paths=.script/SecretScannning/Excludepathlist --no-verification
+ extra_args: --exclude-paths=.script/SecretScanning/Excludepathlist --no-verification
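Review bot: `continue-on-error: true`, the context line two above the corrected `extra_args` in the last hunk, lets the job pass whether TruffleHog reports a secret or fails to start, which is presumably why the misspelled `SecretScannning` path from patch 1/3 went unnoticed until this commit. Remove that line so a finding or a broken configuration fails the pull-request check. If `--no-verification` stays, a short comment such as `# verification disabled: <reason>` would record why matches are reported without a liveness check. The step's `- name:` line lies outside this hunk.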