Reusable Trufflehog Workflow #54

Merged
merged 13 commits into from
Aug 10, 2022

lucie-at-staffbase
Contributor

@lucie-at-staffbase lucie-at-staffbase commented Aug 2, 2022

Type of Change

  • Bugfix
  • Enhancement / new feature
  • Refactoring
  • Documentation

Description

  • This workflow aims to automate repository secret scanning via Trufflehog. Here you can find an example, where the reusable secret scan is being used.

Checklist

  • Add relevant labels (for example type of change or patch/minor/major)
  • Make sure not to introduce some mistakes
  • Update documentation
  • Review the Contributing Guideline and sign CLA
  • Reference relevant issue(s) and close them after merging

@github-actions
Contributor

github-actions bot commented Aug 2, 2022

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

Contributor

@timdittler timdittler left a comment


Thank you for the PR.

  • Can you please make sure the YAMLlint passes?
  • Please rename the workflow to template_secret_scan.yml to keep the naming consistent.
  • Please add a comment on what this workflow is intended to do
  • Please add a link to the PR to some code where you're using this workflow
    Thanks!

.github/workflows/trufflehog_secretscan.yml (outdated, resolved)
@lucie-at-staffbase
Contributor Author

"I have read the CLA Document and I hereby sign the CLA"

@lucie-at-staffbase
Contributor Author

This workflow aims to automate repository secret scanning via Trufflehog. Here you can find an example, where the reusable secret scan is being used.

README.md (outdated, resolved)
Co-authored-by: Tim Dittler <93928360+timdittler@users.noreply.github.com>
Contributor

@flaxel flaxel left a comment


Thank you for your contribution. 🙏 Really appreciated! 😄

A general question for me: How is this different from GitHub Secret Scanning?

.github/workflows/template_secret_scan.yml (outdated, resolved)
README.md (outdated, resolved)
README.md (outdated, resolved)
.github/workflows/template_secret_scan.yml (outdated, resolved)
@timdittler
Contributor

How is this different from GitHub Secret Scanning?

  1. Trufflehog has so-called verifiers that check whether credentials are actually able to log in
  2. It's open source
  3. It's free of charge in this setting

lucie-at-staffbase and others added 4 commits August 9, 2022 08:52
Co-authored-by: Falk Puschner <falk.puschner@arcor.de>
Co-authored-by: Falk Puschner <falk.puschner@arcor.de>
Contributor Author

@lucie-at-staffbase lucie-at-staffbase left a comment


Hi Falk, I hope I have adjusted everything and not overlooked anything. Feel free to let me know if I did.

@@ -165,6 +165,21 @@ jobs:
# optional: version to be associated with the release
version: X.Y.Z
```
</details>

### Secret Scanning
Contributor

@flaxel flaxel Aug 10, 2022


😆

Suggested change
### Secret Scanning
### Secret Scanning

@flaxel flaxel added the enhancement New feature or request label Aug 10, 2022
@flaxel flaxel added the minor Pull requests with new features label Aug 10, 2022
@lucie-at-staffbase lucie-at-staffbase merged commit c87db6b into main Aug 10, 2022
@lucie-at-staffbase lucie-at-staffbase deleted the reusabletrufflehog branch August 10, 2022 09:05
@github-actions github-actions bot locked and limited conversation to collaborators Aug 10, 2022