Skip to content

chore: add secret leak scan #1

chore: add secret leak scan

chore: add secret leak scan #1

Workflow file for this run

name: Secret Scan
on:
push:
branches: [ "**" ]
pull_request:
branches: [ "**" ]
workflow_dispatch:
permissions:
contents: read
security-events: write
jobs:
gitleaks:
name: Gitleaks Scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go (for potential custom builds)
uses: actions/setup-go@v5
with:
go-version: '1.22'
- name: Download gitleaks
run: |
curl -sSL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_$(uname -s)_$(uname -m).tar.gz -o gitleaks.tar.gz
tar -xzf gitleaks.tar.gz gitleaks
sudo mv gitleaks /usr/local/bin/
gitleaks version
- name: Run gitleaks
id: gitleaks
run: |
set -e
gitleaks detect --config=.gitleaks.toml --report-format sarif --report-path gitleaks.sarif || echo "Gitleaks detected potential leaks (recorded in SARIF)"
- name: Upload SARIF to code scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: gitleaks.sarif