-
Notifications
You must be signed in to change notification settings - Fork 58
47 lines (42 loc) · 1.35 KB
/
trufflehog-scan.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: TruffleHog Scan
on:
push:
branches:
- trufflehog-new
- main
- dev
pull_request:
branches:
- main
- dev
jobs:
trufflehog-scan:
runs-on: ubuntu-22.04
services:
docker:
image: docker:19.03.12
options: --privileged
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Set up Docker
run: |
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
- name: TruffleHog scan
run: |
echo "Starting TruffleHog scan..."
docker run -v "$PWD:/pwd" -v $GITHUB_WORKSPACE:/privado ghcr.io/trufflesecurity/trufflehog:latest filesystem --directory /privado --exclude_paths /privado/trufflehog/exclude-patterns.txt > trufflehog_output.text
python3 $GITHUB_WORKSPACE/trufflehog/trufflehog-exception.py
echo "TruffleHog scan completed."
cat trufflehog_filtered_output.text
if grep -qE 'Found (unverified|verified) result' trufflehog_filtered_output.text; then
echo "TruffleHog found sensitive information. Failing the pipeline."
exit 1
else
echo "No sensitive information found."
fi