Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add truffle hog workflow #529

Closed
wants to merge 25 commits into from
Closed

Add truffle hog workflow #529

wants to merge 25 commits into from

Conversation

RoKrish14
Copy link
Contributor

Description

This PR introduces TruffleHog as a new open source tool for secret scanning to be used alongside native Github Secret scanning. This is being enforced as a replacement to the existing GitGuardian (commercial) tool.

Please note: The TRG checks continues for 24.08 under GitGuardian for secret scanning.
If you have already implemented TruffleHog, it can also be considered for the TRG checks.

Pre-review checks

Please ensure to do as many of the following checks as possible, before asking for committer review:

  • DEPENDENCIES are up-to-date. Dash license tool. Committers can open IP issues for restricted libs.
  • Copyright and license header are present on all affected files
  • If helm chart has been changed, the chart version has been bumped to either next major, minor or patch level (compared to released chart).

RoKrish14 and others added 25 commits June 20, 2024 10:44
@RoKrish14 RoKrish14 closed this Jul 29, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 29, 2024
View reviewed changes
.github/workflows/trufflehog.yml

- name: TruffleHog OSS
id: trufflehog
uses: trufflesecurity/trufflehog@main

Check notice

Code scanning / KICS

Unpinned Actions Full Length Commit SHA Note

Action is not pinned to a full length commit SHA.
@RoKrish14 RoKrish14 deleted the Add-TruffleHog-Workflow branch July 30, 2024 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@RoKrish14