diff --git a/.github/workflows/secret.yaml b/.github/workflows/secret.yaml
index 415327d..8038e55 100644
--- a/.github/workflows/secret.yaml
+++ b/.github/workflows/secret.yaml
@@ -7,67 +7,79 @@ on: workflow_dispatch: jobs: - gitleaks: - name: Gitleaks + trufflehog-ml: + name: TruffleHog from MegaLinter runs-on: ubuntu-latest + defaults: + run: + shell: bash steps: - name: Checkout Repo uses: actions/checkout@v4 - - name: Scan with Gitleaks - uses: gitleaks/gitleaks-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - truffle: - name: TruffleHog - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - name: Scan with TruffleHog - uses: trufflesecurity/trufflehog@main - with: - base: "" - head: ${{ github.ref_name }} - extra_args: --no-verification - truffle-install: - name: TruffleHog Installation - runs-on: Ubnuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - name : Installing secret-scanning tool - run : | - pip3 install truffleHog - truffleHog --regex --entropy=False . - truffle-enterprise: - name: TruffleHog Enterprise - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # fetch all history so multiple commits can be scanned - - name: Scan with TruffleHog Enterprise - uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main - with: - args: --fail-verified ${{ github.event.repository.default_branch }} HEAD - truffle-cli: - name: TruffleHog CLI - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # fetch all history so multiple commits can be scanned - - name: TruffleHog OSS - id: trufflehog - uses: trufflesecurity/trufflehog@add-actions-cli-switch - continue-on-error: true - with: - path: ./ - base: "${{ github.event.repository.default_branch }}" - head: HEAD - extra_args: --debug --only-verified  - - name: Scan Results Status - if: steps.trufflehog.outcome == 'failure' - run: exit 1 + - name: Lint YAML + uses: oxsecurity/megalinter/flavors/ci_light@latest + + # gitleaks: + # name: Gitleaks + # runs-on: ubuntu-latest + # steps: + # - name: Checkout Repo + # 
uses: actions/checkout@v4 + # - name: Scan with Gitleaks + # uses: gitleaks/gitleaks-action@v2 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # truffle: + # name: TruffleHog + # runs-on: ubuntu-latest + # steps: + # - name: Checkout Repo + # uses: actions/checkout@v4 + # - name: Scan with TruffleHog + # uses: trufflesecurity/trufflehog@main + # with: + # base: "" + # head: ${{ github.ref_name }} + # extra_args: --no-verification + # truffle-install: + # name: TruffleHog Installation + # runs-on: Ubnuntu-latest + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # - name : Installing secret-scanning tool + # run : | + # pip3 install truffleHog + # truffleHog --regex --entropy=False . + # truffle-enterprise: + # name: TruffleHog Enterprise + # runs-on: ubuntu-latest + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # fetch-depth: 0 # fetch all history so multiple commits can be scanned + # - name: Scan with TruffleHog Enterprise + # uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main + # with: + # args: --fail-verified ${{ github.event.repository.default_branch }} HEAD + # truffle-cli: + # name: TruffleHog CLI + # runs-on: ubuntu-latest + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # fetch-depth: 0 # fetch all history so multiple commits can be scanned + # - name: TruffleHog OSS + # id: trufflehog + # uses: trufflesecurity/trufflehog@add-actions-cli-switch + # continue-on-error: true + # with: + # path: ./ + # base: "${{ github.event.repository.default_branch }}" + # head: HEAD + # extra_args: --debug --only-verified  + # - name: Scan Results Status + # if: steps.trufflehog.outcome == 'failure' + # run: exit 1
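Review bot: The new `trufflehog-ml` job runs `oxsecurity/megalinter/flavors/ci_light@latest`, a mutable ref, so whatever that tag points to at run time executes against the checked-out repository; pin it to a reviewed commit, `uses: oxsecurity/megalinter/flavors/ci_light@<full-commit-sha>  # <release tag>`. That step is the only scanner left once the five previous jobs are commented out, yet it is named `Lint YAML` and passes no `with:` or `env:` selecting a secret scanner, so whether TruffleHog runs at all depends on the flavor's defaults and on any `.mega-linter.yml` outside this hunk; confirm that and rename the step to match what it does. `Checkout Repo` also omits `fetch-depth: 0`, which the removed `truffle-enterprise` and `truffle-cli` jobs set, so only the tip commit is available and secrets introduced in earlier commits would not be scanned. The commented-out jobs are better deleted than kept, since git history preserves them and the block still carries `@main` refs and the `Ubnuntu-latest` typo.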