GitHub Action
SecureStack Secrets Analysis
v0.1.1
A GitHub Action that analyses your source code for secrets, credentials, API keys, server and database hostnames/URLs, and a lot more! When you add this to GitHub Actions we will analyze your source code to make sure there is no sensitive data in your commit. See below for the specific types of credentials and files we scan for.
```yaml
name: Example Workflow Using SecureStack Secrets Scan Action
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo for running secrets analysis within workflow
        id: checkout
        uses: actions/[email protected]
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0
      - name: Secrets Analysis Step
        id: secrets
        uses: SecureStackCo/[email protected]
        with:
          securestack_api_key: ${{ secrets.SECURESTACK_API_KEY_SECRET }}
          securestack_app_id: '<Application Id>'
          severity: critical
          flags: '-d 1 -a <Application Id>'
```
NOTE - to understand possible values for the action input `flags`, run the SecureStack CLI locally:

```
$ bloodhound-cli code --help
```
1. Log in to SecureStack and go to the Profile -> GENERATE KEY screen.
2. Generate an API key and copy the value.
3. Go to Settings for your GitHub repository and click on Secrets at the bottom left.
4. Create a new secret named SECURESTACK_API_KEY_SECRET and paste the value from step 2 into the field.
1. Log in to SecureStack.
2. Open the application you wish to analyse.
3. Copy the value of the application id on the View Application screen.
4. Paste it into the value of the `securestack_app_id` action input for the step using the SecureStack action in your workflow.
- API keys like Stripe, AWS, Amplitude and a bazillion more
- Server and database hostnames or URLs
- Passwords and Usernames
- .env files and git indexes
Made with 💜 by SecureStack