Introduction
Architecture
Onboard
Introduction
IntroductionPromote an image in Amazon ECRDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryStore an object on Amazon S3Retrieve an object from Amazon S3
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Argo WorkflowsCopy a remote image with CraneDeploy a binary with EC2Deploy to ECSRender an ECS task definitionBuild a container image with KanikoDeploy with OctopusDeploy with Spinnaker
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxFind Security BugsGitHub Security ScannerGosecMendNexus IQSnykSonarQube bundledSonarQube
IntroductionMendSnyk
IntroductionTruffleHog ContainerTruffleHog Code

CloudBees action: Scan code with TruffleHog

1 minute read

Use this action to detect secrets and sensitive information in the codebase with TruffleHog, an open-source secret scanning tool.

This action provides flexibility to allow users to either scan a local codebase, or provide a URL to scan a remote repository. When a repository URL is specified, the TruffleHog action examines the code directly from the specified repository. If no URL is provided, the action scans the code present in the local working directory.

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required Description

token

string

No

The token for authentication.

repoUrl

string

No

The URL of the Git repository to scan. If repoUrl is not specified, the current repository is scanned.

branch

string

Yes

The branch of the repository to scan. If repoUrl is not specified, this must be the current branch.

path

string

No

The path of the directory to scan. If not specified, the standard CloudBees workspace directory is scanned.

Usage examples

In your YAML file, add:

      - name: Run TruffleHog code scan
        uses: cloudbees-io/trufflehog-secret-scan-code@v1
        with:
          token: ${{ secrets.TOKEN }}
          repoUrl: ${{ repositoryUrl }}
          branch: ${{ branch }}

In the following example, a local codebase is scanned:

    steps:
      - name: Check out source code
        uses: cloudbees-io/checkout@v1

      - name: Run TruffleHog secret scan on local source code
        uses: cloudbees-io/trufflehog-secret-scan-code@v1
        with:
          branch: ${{ cloudbees.scm.branch }}
TruffleHog Container