From 5dca01ac835fdf84cb522cfbd4574955ad1da280 Mon Sep 17 00:00:00 2001
From: John Sapienza <98348171+jwsapienza@users.noreply.github.com>
Date: Tue, 30 Jan 2024 11:25:57 -0500
Subject: [PATCH] ci(FS-7080): Update trufflehog-scan.yml
---
.github/workflows/trufflehog-scan.yml | 43 +++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 .github/workflows/trufflehog-scan.yml
diff --git a/.github/workflows/trufflehog-scan.yml b/.github/workflows/trufflehog-scan.yml
new file mode 100644
index 00000000..17d77a71
--- /dev/null
+++ b/.github/workflows/trufflehog-scan.yml
@@ -0,0 +1,43 @@
+###
+# Foundation-security Trufflehog workflow
+# version: 2.0
+###
+name: Foundation-Security/Trufflehog Scan
+
+on:
+ push:
+ tags:
+ - "**"
+ branches:
+ - "**"
+
+jobs:
+ Trufflehog-Scan:
+ runs-on: ubuntu-22.04
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout source repository
+ id: checkout-source
+ uses: actions/checkout@v4
+ with:
+ repository: ${{github.repository}}
+ ref: ${{ github.ref }}
+ path: source
+ token: ${{secrets.GH_SLONIK}}
+
+ - name: Checkout foundation-security repository
+ id: checkout-foundation-security
+ uses: actions/checkout@v4
+ with:
+ repository: EnterpriseDB/foundation-security
+ ref: v2
+ path: foundation-security
+ token: ${{secrets.GH_SLONIK}}
+
+ - name: Secrets Scan
+ id: call-th-composite
+ uses: ./foundation-security/actions/trufflehog
+ with:
+ cloudsmith-token: ${{ secrets.CLOUDSMITH_READ_ALL }}
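Review bot: Both `actions/checkout@v4` steps pass the `GH_SLONIK` token and leave `persist-credentials` at its default, so the token is stored in the git config under `source/` and `foundation-security/` and stays readable for the rest of the job, including the `Secrets Scan` step. Add `persist-credentials: false` to each `with:` block; if the source checkout does not actually need a PAT, the default token under `contents: read` would presumably be enough. The composite action is loaded from `ref: v2`, a movable ref, and runs with `CLOUDSMITH_READ_ALL` and `id-token: write` in scope, so pinning it to a full commit SHA (`ref: <full-commit-sha>`) would keep a later change to that ref from altering what executes here. Whether the scan step needs `id-token: write` is not visible from this file; drop the permission if it does not.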