✨ A GitHub Action that automatically checks for hardcoded secrets in your code. You can integrate it into your CI/CD pipeline. It checks for:

- Passwords
- API tokens
- AWS keys
- Private keys
- Hashed credentials
- Authentication tokens
- Dangerous functions
- Sensitive files

This action fails the build when hardcoded secrets are found in your code.

- severity (input) - Severities to watch for. The pipeline fails if the action detects a finding at any of the severities given in this input.
- result (output) - List of the vulnerabilities detected, with their severity.

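Basic usage:

```yaml
on: [push]
jobs:
  secret-checker:
    runs-on: ubuntu-latest
    name: Vulnerabilities check
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Check for vulnerabilities
        id: checks
        uses: maddygoround/secretduty@v1.3
      - name: Get results of scan
        # Pass the output through an environment variable instead of
        # expanding it inside the shell script.
        env:
          SCAN_RESULT: ${{ steps.checks.outputs.result }}
        run: echo "Scan Results - $SCAN_RESULT"
```

To choose which severities fail the pipeline, set the severity input:

```yaml
on: [push]
jobs:
  secret-checker:
    runs-on: ubuntu-latest
    name: Vulnerabilities check
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Check for vulnerabilities
        id: checks
        uses: maddygoround/secretduty@v1.3
        with:
          severity: "['CRITICAL','MAJOR']"
      - name: Get results of scan
        # Pass the output through an environment variable instead of
        # expanding it inside the shell script.
        env:
          SCAN_RESULT: ${{ steps.checks.outputs.result }}
        run: echo "Scan Results - $SCAN_RESULT"
```

Severity levels:

- CRITICAL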
- MAJOR
- MINOR
- BLOCKED
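
Because the action fails its step when it finds a secret, a later step with the default condition is skipped on exactly the runs where the results matter. The workflow below is an added example, not part of the project's own documentation; it assumes the action sets its `result` output before failing, and the `permissions` block, the `if: always()` condition and the job summary are choices made here.

```yaml
on: [push]

# Constructed example: the scan only needs to read the repository.
permissions:
  contents: read

jobs:
  secret-checker:
    runs-on: ubuntu-latest
    name: Vulnerabilities check
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Check for vulnerabilities
        id: checks
        uses: maddygoround/secretduty@v1.3
        with:
          severity: "['CRITICAL','MAJOR']"
      - name: Publish results of scan
        # Run even when the check step failed the build; the default
        # condition, success(), would skip this step on a failing scan.
        if: always()
        env:
          # Assumption: the action sets `result` before it fails the step.
          SCAN_RESULT: ${{ steps.checks.outputs.result }}
        run: |
          {
            echo "Secret scan outcome: ${{ steps.checks.outcome }}"
            printf '%s\n' "$SCAN_RESULT"
          } >> "$GITHUB_STEP_SUMMARY"
```

The job still ends as failed when the check step fails; `if: always()` only lets the reporting step run afterwards.
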
The scripts and documentation in this project are released under the MIT License.