Use gitleaks GitHub Action #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Gitleaks Guard | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| run-gitleaks: | |
| name: Scan with gitleaks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Run gitleaks scan | |
| uses: gitleaks/gitleaks-action@v2 | |
| with: | |
| args: detect --source . --baseline-path gitleaks.baseline --config .gitleaks.toml --redact | |
| notify-on-failure: | |
| name: Notify on failure | |
| runs-on: ubuntu-latest | |
| needs: run-gitleaks | |
| if: failure() | |
| steps: | |
| - name: Send failure email | |
| uses: dawidd6/action-send-mail@v3 | |
| with: | |
| server_address: ${{ secrets.SMTP_SERVER }} | |
| server_port: ${{ secrets.SMTP_PORT }} | |
| username: ${{ secrets.SMTP_USERNAME }} | |
| password: ${{ secrets.SMTP_PASSWORD }} | |
| subject: "Gitleaks failed for ${{ github.repository }} on ${{ github.ref_name }}" | |
| to: ${{ secrets.ALERT_EMAIL }} | |
| from: ${{ secrets.ALERT_EMAIL }} | |
| body: | | |
| The gitleaks scan failed for ${{ github.repository }}. | |
| Commit: ${{ github.sha }} | |
| Author: ${{ github.actor }} | |
| Run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| Please review the workflow logs for more details. |