Use this action to detect secrets and sensitive information in the codebase with TruffleHog, an open-source secret scanning tool.
The action can scan either a local codebase or a remote repository. When a repository URL is specified, the TruffleHog action examines the code directly from the specified repository. If no URL is provided, the action scans the code present in the local working directory.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.
Inputs
| Input name | Data type | Required | Description |
|---|---|---|---|
| `token` | string | No | The token for authentication. |
| `repoUrl` | string | No | The URL of the Git repository to scan. If |
| `branch` | string | Yes | The branch of the repository to scan. If |
| | string | No | The path of the directory to scan. If not specified, the standard CloudBees |
Usage examples
In your YAML file, add:
```yaml
- name: Run TruffleHog code scan
  uses: cloudbees-io/trufflehog-secret-scan-code@v1
  with:
    token: ${{ secrets.TOKEN }}
    repoUrl: ${{ repositoryUrl }}
    branch: ${{ branch }}
```
In the following example, a local codebase is scanned:
```yaml
steps:
  - name: Check out source code
    uses: cloudbees-io/checkout@v1
  - name: Run TruffleHog secret scan on local source code
    uses: cloudbees-io/trufflehog-secret-scan-code@v1
    with:
      branch: ${{ cloudbees.scm.branch }}
```