add secret scanning workflow (#11053)
**What this PR does / why we need it**:
Short PR to add GitHub Action workflow to run Trufflehog on each PR.
Will only fail/alert on verified secrets. This can be tweaked and
configured later if need be.

**Which issue(s) this PR fixes**:
Fixes #<issue number>

**Special notes for your reviewer**:

**Checklist**
- [ ] Reviewed the
[`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md)
guide (**required**)
- [ ] Documentation added
- [ ] Tests updated
- [ ] `CHANGELOG.md` updated
- [ ] If the change is worth mentioning in the release notes, add
`add-to-release-notes` label
- [ ] Changes that require user attention or interaction to upgrade are
documented in `docs/sources/setup/upgrade/_index.md`
- [ ] For Helm chart changes bump the Helm chart version in
`production/helm/loki/Chart.yaml` and update
`production/helm/loki/CHANGELOG.md` and
`production/helm/loki/README.md`. [Example
PR](d10549e)
- [ ] If the change is deprecating or removing a configuration option,
update the `deprecated-config.yaml` and `deleted-config.yaml` files
respectively in the `tools/deprecated-config-checker` directory. <!--
TODO(salvacorts): Add example PR -->

Co-authored-by: Michel Hollands <[email protected]>
SadFaceSmith and MichelHollands authored Oct 27, 2023
1 parent edae9d3 commit 92b6985
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions .github/workflows/secret-scanning.yml
@@ -0,0 +1,17 @@
name: TruffleHog Secrets Scan
on: [pull_request]
jobs:
TruffleHog:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --only-verified
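
Review bot: The `uses: trufflesecurity/trufflehog@main` step tracks a mutable branch, so any change that lands on that branch upstream runs in this repository's pull-request workflow without review here. Pin it to a full commit SHA, or at least to a release tag as the checkout step does with `actions/checkout@v4`. The workflow also declares no `permissions:` block, so the job runs with the repository's default token permissions; a scan that only reads the checkout should not need more than `contents: read`. Finally, `--debug` in `extra_args` makes the job logs more verbose than a `--only-verified` scan needs, so consider dropping it once the workflow is known to work.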
