From 96f0d086f081cf2c067652879bd38f99c4388160 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Fri, 15 Mar 2024 13:14:15 +0530 Subject: [PATCH 01/56] Update PAT --- PAT | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PAT b/PAT index 72d6997..6ba1f1d 100644 --- a/PAT +++ b/PAT @@ -1,2 +1,2 @@ [default] -PAT = ***REMOVED*** \ No newline at end of file +PAT = ***REMOVED*** From fb237d07d39dca506bfc4a209c84db762db02045 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Fri, 15 Mar 2024 13:17:24 +0530 Subject: [PATCH 02/56] Update PAT From 99d0d886354c62d5958863bb112345d0ae95484a Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Fri, 15 Mar 2024 13:24:53 +0530 Subject: [PATCH 03/56] Update keys --- keys | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keys b/keys index a019b22..e00804f 100644 --- a/keys +++ b/keys @@ -6,7 +6,7 @@ Private key: -----BEGIN OPENSSH PRIVATE KEY----- ***REMOVED***NIZuun xgLkM8KuzfmQuRAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDe3Al0EMPz -utVNk5DixaYrGMK56RqUoqGBinke6SWVWmqom1lBcJWzor6HlnMRPPr7YCEsJKL4IpuVwu +utVNk5DixaYrGMK56RqUoqGBinke6SWVWmqom1lBcJWzor6HlnMRPPr7YCEsJKL4IpuVwv inRa5kdtNTyM7yyQTSR2xXCS0fUItNuq8pUktsH8VUggpMeew8hJv7rFA7tnIg3UXCl6iF OLZKbDA5aa24idpcD8b1I9/RzTOB1fu0of5xd9vgODzGw5JvHQSJ0FaA42aNBMGwrDhDB3 sgnRNdWf6NNIh8KpXXMKJADf3klsyn6He8L2bPMp8a4wwys2YB35p5zQ0JURovsdewlOxH From f7954b6cc3e4d8f22a9734f7408d30385b8aae67 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 17:45:07 +0530 Subject: [PATCH 04/56] Create trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/trufflehog-secret-scan.yaml diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml new file mode 100644 index 0000000..52a2acb --- /dev/null +++ b/.github/workflows/trufflehog-secret-scan.yaml 
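Review bot: `PAT = ***REMOVED***` on both sides of the hunk shows that a personal access token was committed in `PAT` and later scrubbed from history; scrubbing does not revoke a token that was already pushed, so the token should be revoked and reissued, and the file deleted and listed in `.gitignore` rather than edited in place. If `PAT` is meant as a fixture for the scanner added later in this series, say so in the commit message and use a value that is already revoked so a verified-secrets scan cannot turn it into a live finding.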
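Review bot: Changing one base64 character (`IpuVwu` to `IpuVwv`) inside the `-----BEGIN OPENSSH PRIVATE KEY-----` block in `keys` corrupts the new revision only; the earlier blob stays reachable in history and most of the key body is still visible in this hunk's context lines, so the key pair has to be treated as compromised and its public half removed from every `authorized_keys`, deploy key or host it is installed on. Remove the file from the repository instead of mutating it, and if a key is needed as a scanner test fixture, generate one for that purpose that has never been deployed.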
@@ -0,0 +1,13 @@ +name: CI +on: push +jobs: + trufflehog: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Secret Scanning using TruffleHog + uses: trufflesecurity/trufflehog@main + with: + base: "" + head: ${{ github.ref_name }} + extra_args: --debug From 5d6b7e56864198dabfe858f788da8918cdf77b18 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 17:47:15 +0530 Subject: [PATCH 05/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 52a2acb..afefdf1 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -10,4 +10,4 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --debug + extra_args: --debug --only-verified From bebdb81d4c65ff89876c16014a2e0372f940542f Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 17:58:00 +0530 Subject: [PATCH 06/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index afefdf1..c4e3e0b 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -10,4 +10,4 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --debug --only-verified + extra_args: --debug --only-verified --json From c69134865336d8277bad989387c8a99862991f56 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 17:59:45 +0530 Subject: [PATCH 07/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
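Review bot: `uses: trufflesecurity/trufflehog@main` pins the scanner to a moving branch, so whoever can push to that branch controls code that runs with this repository's checkout and `GITHUB_TOKEN`; pin it to a full commit SHA with the version in a trailing comment (`uses: trufflesecurity/trufflehog@<sha> # vX.Y.Z`) and treat bumps as reviewed changes. `actions/checkout@v2` performs a depth-1 clone by default, which leaves the `base: ""` full-history scan with only the tip commit to inspect; add `fetch-depth: 0` to the checkout step. The workflow also declares no `permissions:` block, so the job receives the default token scope when `permissions: contents: read` is all a scan needs.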
diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index c4e3e0b..ad7eee9 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -10,4 +10,4 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --debug --only-verified --json + extra_args: --debug --only-verified --github-actions From e31ee33ba2c3dd76eb93e9f10cbcfeabe13e1fcd Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:01:54 +0530 Subject: [PATCH 08/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index ad7eee9..cb52488 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -10,4 +10,9 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --debug --only-verified --github-actions + extra_args: --debug --only-verified --json > trufflehog-secret-scan-result.json + - name: Upload Trufflehog Result + uses: actions/upload-artifact@v2 + with: + name: TruffleHog secret scan result + path: trufflehog-secret-scan-result.json From 2446c34c8d12d745b112f59eb4b36989d02d9c31 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:02:48 +0530 Subject: [PATCH 09/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index cb52488..3d6d787 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
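Review bot: Uploading the unfiltered scanner output with `actions/upload-artifact` makes every detected secret readable to anyone who can download the run's artifacts, which on a public repository is everyone: TruffleHog's findings, as far as I recall, carry the matched value itself (`Raw result:` in plain output, a `Raw` field in `--json` output). Strip the value before uploading, for example `jq -c 'del(.Raw, .RawV2)' trufflehog-secret-scan-result.json > redacted.json`, and upload only the redacted file, or keep the artifact to detector names plus file and line references. The hunk also relies on `>` inside `extra_args` producing the file; whether that string is shell-evaluated depends on the action's entrypoint at `@main`, which is not visible here, so this should be checked rather than assumed.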
@@ -10,7 +10,7 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --debug --only-verified --json > trufflehog-secret-scan-result.json + extra_args: --debug --only-verified --json=trufflehog-secret-scan-result.json - name: Upload Trufflehog Result uses: actions/upload-artifact@v2 with: From e21a0f5c8ecad07dbc2356a2f4fc8de173f15c1c Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:03:34 +0530 Subject: [PATCH 10/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 3d6d787..c02ef24 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -10,7 +10,7 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --debug --only-verified --json=trufflehog-secret-scan-result.json + extra_args: --help - name: Upload Trufflehog Result uses: actions/upload-artifact@v2 with: From f138740c50b81d5ab5cb342d4a095d0f32ef64e2 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:08:06 +0530 Subject: [PATCH 11/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index c02ef24..f0ffc3d 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -10,9 +10,5 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --help - - name: Upload Trufflehog Result - uses: actions/upload-artifact@v2 - with: - name: TruffleHog secret scan result - path: trufflehog-secret-scan-result.json + extra_args: --json + From bcd4c877517d191781d3c30a9ca910722325e3bf Mon Sep 17 00:00:00 2001 
From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:10:58 +0530 Subject: [PATCH 12/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index f0ffc3d..aaadd73 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -10,5 +10,5 @@ jobs: with: base: "" head: ${{ github.ref_name }} - extra_args: --json + extra_args: --only-verified --json From fc72ab611bdc8426e96d9b56b14d9c844aba49ae Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:16:42 +0530 Subject: [PATCH 13/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 29 ++++++++++++++----- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index aaadd73..bfe8822 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
@@ -3,12 +3,27 @@ on: push jobs: trufflehog: runs-on: ubuntu-latest + + env: + ORG_NAME: ${{ secrets.TRUFFLEHOG_ORG_NAME }} + PAT_TOKEN: ${{ secrets.PAT_TOKEN }} + steps: - - uses: actions/checkout@v2 - - name: Secret Scanning using TruffleHog - uses: trufflesecurity/trufflehog@main - with: - base: "" - head: ${{ github.ref_name }} - extra_args: --only-verified --json + - name: Checkout repository + uses: actions/checkout@v2 + - name: Secret Scanning + run: | + ls + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest file . --only-verified > trufflehog_result.txt + # Add error handling if the previous command fails + if [ $? -ne 0 ]; then + echo "Trufflehog execution failed" + exit 1 + fi + + - name: Upload Trufflehog Result + uses: actions/upload-artifact@v2 + with: + name: trufflehog-result + path: trufflehog_result.txt From f3ff285901d11912db7a2da3617d4af90875a832 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:17:41 +0530 Subject: [PATCH 14/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index bfe8822..39d8955 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: - name: Secret Scanning run: | ls - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest file . --only-verified > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest filesystem . --only-verified > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 41acd011fdefcb606350b5fcecf03f2152a9f65e Mon Sep 17 00:00:00 2001 
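Review bot: `PAT_TOKEN: ${{ secrets.PAT_TOKEN }}` and `ORG_NAME` are exported at job level, but nothing in the hunk reads them, so the token is exposed to every step (and to any process those steps launch) for no benefit; remove them, or attach the token to the `env:` of the single step that needs it. The `if [ $? -ne 0 ]` block after `docker run` is unreachable: the default shell for a `run:` step on Linux is `bash -e -o pipefail`, so a non-zero exit aborts the script before the test executes; either rely on that behaviour or capture the status explicitly with `docker run … > trufflehog_result.txt || rc=$?` and branch on `${rc:-0}`. `trufflesecurity/trufflehog:latest` is a floating tag for a security tool that receives a writable mount of the checkout; pin an image digest (`trufflesecurity/trufflehog@sha256:…`).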
From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:23:33 +0530 Subject: [PATCH 15/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 39d8955..5c7a48a 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -14,7 +14,7 @@ jobs: - name: Secret Scanning run: | - ls + echo "Branch name is ${GITHUB_REF##*/}" docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest filesystem . --only-verified > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then From 488c83100298a13621cfe8aecc7a9b6764d27061 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:25:42 +0530 Subject: [PATCH 16/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 5c7a48a..89b079f 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: - name: Secret Scanning run: | echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest filesystem . --only-verified > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --since-commit ${GITHUB_REF##*/} --branch HEAD --only-verified --fail > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 233e7932aeb7a7491aadfa0a4b14ba7c48b7274f Mon Sep 17 00:00:00 2001 
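Review bot: `git file://. --since-commit ${GITHUB_REF##*/} --branch HEAD` scans the checkout, but the `actions/checkout@v2` step above the hunk still produces a depth-1 clone with only the pushed commit, so there is effectively no history to scan, and `--since-commit <branch-name>` resolves to that same tip, giving an empty range; add `fetch-depth: 0` to the checkout and pass a real base such as `${{ github.event.before }}` (guarding the all-zero value a new branch produces). Note that `--fail` makes TruffleHog exit 183 when results are found, and the following `if` reports that as `Trufflehog execution failed`; a finding is not an execution failure, so test for 183 separately and emit a distinct message (`echo "::error::verified secrets found"`).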
From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:27:12 +0530 Subject: [PATCH 17/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 89b079f..4e5d378 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: - name: Secret Scanning run: | echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --since-commit ${GITHUB_REF##*/} --branch HEAD --only-verified --fail > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --since-commit main --branch HEAD --only-verified --fail > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From bf859d16d4329b49a83187fd174b0fca95c3047d Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:29:17 +0530 Subject: [PATCH 18/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 4e5d378..f3303dd 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
@@ -15,7 +15,7 @@ jobs: - name: Secret Scanning run: | echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --since-commit main --branch HEAD --only-verified --fail > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --branch HEAD --only-verified --fail > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 3239a78f85dc46609fb1be1c9e1dd76aafa7119d Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 18:30:04 +0530 Subject: [PATCH 19/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index f3303dd..ce15e22 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: - name: Secret Scanning run: | echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --branch HEAD --only-verified --fail > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --branch HEAD --only-verified --fail --debug > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From cce58868b35631b20907862995a759e31b52b98c Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:01:22 +0530 Subject: [PATCH 20/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index ce15e22..75e19aa 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: - name: Secret Scanning run: | echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --branch HEAD --only-verified --fail --debug > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --since-commit main --only-verified --fail --debug > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 44b77a56f90d21b2e5457b5f8536abbe3c65df4b Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:12:07 +0530 Subject: [PATCH 21/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 75e19aa..49a92bf 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -14,8 +14,9 @@ jobs: - name: Secret Scanning run: | + echo "The repository name is ${{ env.GITHUB_REPOSITORY }}" echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git file://. --since-commit main --only-verified --fail --debug > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/trufflesecurity/test_keys --only-verified --json > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" 
@@ -25,5 +26,5 @@ jobs: - name: Upload Trufflehog Result uses: actions/upload-artifact@v2 with: - name: trufflehog-result + name: TruffleHog Results path: trufflehog_result.txt From fccc1e4c6a8c001d8716ab86fc178c353db220da Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:14:17 +0530 Subject: [PATCH 22/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 49a92bf..ed4fb7c 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -7,6 +7,7 @@ jobs: env: ORG_NAME: ${{ secrets.TRUFFLEHOG_ORG_NAME }} PAT_TOKEN: ${{ secrets.PAT_TOKEN }} + REPO_NAME: ${{ env.GITHUB_REPOSITORY }} steps: - name: Checkout repository @@ -14,7 +15,7 @@ jobs: - name: Secret Scanning run: | - echo "The repository name is ${{ env.GITHUB_REPOSITORY }}" + echo "The repository name is $REPO_NAME" echo "Branch name is ${GITHUB_REF##*/}" docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/trufflesecurity/test_keys --only-verified --json > trufflehog_result.txt # Add error handling if the previous command fails From e09255cacea6140054de1accf4bd1a65372b2a2c Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:15:17 +0530 Subject: [PATCH 23/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index ed4fb7c..ce1ab8e 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
@@ -15,7 +15,7 @@ jobs: - name: Secret Scanning run: | - echo "The repository name is $REPO_NAME" + echo $REPO_NAME echo "Branch name is ${GITHUB_REF##*/}" docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/trufflesecurity/test_keys --only-verified --json > trufflehog_result.txt # Add error handling if the previous command fails From 973dff574003796599acdd4b2573c2e9cb6538ef Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:16:37 +0530 Subject: [PATCH 24/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index ce1ab8e..a41f1ac 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -7,7 +7,6 @@ jobs: env: ORG_NAME: ${{ secrets.TRUFFLEHOG_ORG_NAME }} PAT_TOKEN: ${{ secrets.PAT_TOKEN }} - REPO_NAME: ${{ env.GITHUB_REPOSITORY }} steps: - name: Checkout repository @@ -15,7 +14,7 @@ jobs: - name: Secret Scanning run: | - echo $REPO_NAME + echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/trufflesecurity/test_keys --only-verified --json > trufflehog_result.txt # Add error handling if the previous command fails From 365812c07e546e0253a736051160be6557aca1da Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:17:31 +0530 Subject: [PATCH 25/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index a41f1ac..5abf674 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml 
+++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -16,7 +16,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/trufflesecurity/test_keys --only-verified --json > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --json > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From a25d11775f8be0b1f06bd7d1a6d4d7378119965b Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:19:51 +0530 Subject: [PATCH 26/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 5abf674..7b2229b 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -16,7 +16,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --json > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From b5ef3336568ef42c365412bec0796bc8052dcc02 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:22:54 +0530 Subject: [PATCH 27/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
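Review bot: `git https://github.com/$GITHUB_REPOSITORY` makes TruffleHog clone the repository over the network without credentials, so the scan works only while the repository is public, and a private repository will fail the job with the generic execution-failed message; it also leaves the `actions/checkout` step and the `-v "$PWD:/pwd"` mount unused. Prefer scanning the checkout (`git file://.` after a `fetch-depth: 0` checkout); if a remote clone is really wanted, supply the token through the environment rather than embedding it in the URL, where it can end up in logs. Quote the expansion as `"$GITHUB_REPOSITORY"` as a matter of habit, even though GitHub controls its value.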
diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 7b2229b..0aec475 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -11,7 +11,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 - - name: Secret Scanning run: | echo $GITHUB_REPOSITORY @@ -22,9 +21,11 @@ jobs: echo "Trufflehog execution failed" exit 1 fi - - name: Upload Trufflehog Result uses: actions/upload-artifact@v2 with: name: TruffleHog Results path: trufflehog_result.txt + - name: Add output to Job Summary + run: trufflehog_result.txt >> $GITHUB_STEP_SUMMARY + shell: bash From c607c3e202b8831685fe3c33755d9e2838199326 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:23:38 +0530 Subject: [PATCH 28/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 0aec475..1099d01 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -27,5 +27,5 @@ jobs: name: TruffleHog Results path: trufflehog_result.txt - name: Add output to Job Summary - run: trufflehog_result.txt >> $GITHUB_STEP_SUMMARY + run: cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY shell: bash From 9419e9d8042e7ef4c7a7ec7256d3dc6eb18631e7 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:26:38 +0530 Subject: [PATCH 29/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 1099d01..1789998 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
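Review bot: `cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY` copies the scanner's findings, which as far as I recall include the matched value itself, into the job summary that everyone able to view the run can read (everyone, on a public repository), turning the scanner into a secret-publishing channel. Write only a count and the file/line references to the summary and keep the raw output out of both the summary and the uploaded artifact, e.g. `grep -c '' trufflehog_result.txt >> "$GITHUB_STEP_SUMMARY"` for the count. `$GITHUB_STEP_SUMMARY` should be quoted in any case, since it is a path under the runner's temp directory.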
@@ -15,7 +15,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --fail > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 21db05e493b2e86a352ed64338fe9fb8edb3c50e Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:28:09 +0530 Subject: [PATCH 30/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 1789998..ff5b1ab 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --fail > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --json > trufflehog_result.json # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" @@ -25,7 +25,7 @@ jobs: uses: actions/upload-artifact@v2 with: name: TruffleHog Results - path: trufflehog_result.txt + path: trufflehog_result.json - name: Add output to Job Summary - run: cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY + run: cat trufflehog_result.json >> $GITHUB_STEP_SUMMARY shell: bash 
From 355af3f1174c40895ad8552ad6d55c35256be981 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:30:31 +0530 Subject: [PATCH 31/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index ff5b1ab..dd69574 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --json > trufflehog_result.json + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --github-actions > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" @@ -25,7 +25,7 @@ jobs: uses: actions/upload-artifact@v2 with: name: TruffleHog Results - path: trufflehog_result.json + path: trufflehog_result.txt - name: Add output to Job Summary - run: cat trufflehog_result.json >> $GITHUB_STEP_SUMMARY + run: cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY shell: bash From 60448ce94335c8b03971139b6c9bdade7b202ea0 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:32:02 +0530 Subject: [PATCH 32/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index dd69574..4dd2e5d 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
@@ -15,7 +15,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --github-actions > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --github-actions --debug # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 2ef2d117fdd530501fe5e3a8d748e881bd3d31be Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:33:37 +0530 Subject: [PATCH 33/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 4dd2e5d..1099d01 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified --github-actions --debug + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 99ee6d297308a445f6ea08918bdde3b2301c845e Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:34:30 +0530 Subject: [PATCH 34/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
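Review bot: Removing the `> trufflehog_result.txt` redirect on the `docker run` line leaves the later `Upload Trufflehog Result` and `Add output to Job Summary` steps (outside this hunk and unchanged in this patch) pointing at a file that is no longer written, so they fail with a missing-path error on every run. `--debug` also makes the scanner's step log considerably more verbose, which on a public repository is visible to everyone, and the annotation output should not need it. If the aim is annotations plus a captured file, `docker run ... --github-actions | tee trufflehog_result.txt` keeps both consumers working.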
diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 1099d01..f48d919 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 1e5d117abd85b96b1235b7f551750d0e50605858 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:42:29 +0530 Subject: [PATCH 35/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index f48d919..279852f 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -29,3 +29,14 @@ jobs: - name: Add output to Job Summary run: cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY shell: bash + - name: Check file size + run: | + FILE_PATH="trufflehog_result.txt" + FILE_SIZE=$(stat -c %s "$FILE_PATH") + + if [ "$FILE_SIZE" -eq 0 ]; then + echo "Error: File size is zero!" + exit 1 + else + echo "File size is not zero." + fi From fc70d3ccb70b875c56834921c608f0319962b941 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:44:48 +0530 Subject: [PATCH 36/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 ++ 1 file changed, 2 insertions(+) 
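Review bot: `FILE_SIZE=$(stat -c %s "$FILE_PATH")` fails when the result file is missing, which leaves `FILE_SIZE` empty and turns `[ "$FILE_SIZE" -eq 0 ]` into an `integer expression expected` error instead of the intended message; `if [ ! -s "$FILE_PATH" ]; then` expresses the same check without the arithmetic. As written, an empty result (no findings) is what exits 1, which inverts the meaning of a secret-scan gate; later patches flip this, but the step name and messages should state what a failure means. This check is also the last step of the job, so by the time it fails the findings have already been appended to the job summary and uploaded as an artifact; gating before those publication steps would be the safer order.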
diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 279852f..6b70075 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -39,4 +39,6 @@ jobs: exit 1 else echo "File size is not zero." + exit 0 fi + From 3b593b7043386fd99bd4db87832de864feca4934 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:45:54 +0530 Subject: [PATCH 37/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 6b70075..593b8c1 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -39,6 +39,6 @@ jobs: exit 1 else echo "File size is not zero." - exit 0 fi + exit 0 From 62a818bd7f62aef16181d768c5e5143fbec79515 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:48:46 +0530 Subject: [PATCH 38/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 593b8c1..412b153 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -36,9 +36,10 @@ jobs: if [ "$FILE_SIZE" -eq 0 ]; then echo "Error: File size is zero!" - exit 1 + exit 0 else echo "File size is not zero." + exit 1 fi - exit 0 + From f06f0cf417224f2c65c08f9dcb4dc2fa1bf6419e Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 19:50:48 +0530 Subject: [PATCH 39/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
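Review bot: After the `exit` codes are swapped, the branch messages contradict them: `echo "File size is not zero."` now precedes the `exit 1` that is meant to signal findings, and `echo "Error: File size is zero!"` precedes a success. A reader of the job log should be told why the job is red, e.g. `echo "::error::TruffleHog reported findings; see the TruffleHog Results artifact"` before `exit 1` and `echo "No findings"` in the zero branch. With the trailing `exit 0` removed again, the step's status is simply that of the last command, so the added blank `+` line at the end of the hunk serves no purpose.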
diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 412b153..4b73a96 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -15,7 +15,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 8d87788f4752eee1e96501f62560344874eaf244 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 20:03:53 +0530 Subject: [PATCH 40/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 4b73a96..d9b143c 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -3,11 +3,9 @@ on: push jobs: trufflehog: runs-on: ubuntu-latest - env: ORG_NAME: ${{ secrets.TRUFFLEHOG_ORG_NAME }} PAT_TOKEN: ${{ secrets.PAT_TOKEN }} - steps: - name: Checkout repository uses: actions/checkout@v2 
@@ -15,7 +13,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest git https://github.com/$GITHUB_REPOSITORY --only-verified > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo=https://github.com/$GITHUB_REPOSITORY --token=$PAT_TOKEN > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" @@ -35,11 +33,9 @@ jobs: FILE_SIZE=$(stat -c %s "$FILE_PATH") if [ "$FILE_SIZE" -eq 0 ]; then - echo "Error: File size is zero!" + echo "No Secrets Found" >> $GITHUB_STEP_SUMMARY exit 0 else echo "File size is not zero." exit 1 fi - - From 443ca9c569674ea42a8443a3c36449fc342941d9 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Mon, 18 Mar 2024 20:05:12 +0530 Subject: [PATCH 41/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index d9b143c..5d99461 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -9,6 +9,7 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 + - name: Secret Scanning run: | echo $GITHUB_REPOSITORY @@ -19,14 +20,17 @@ jobs: echo "Trufflehog execution failed" exit 1 fi + - name: Upload Trufflehog Result uses: actions/upload-artifact@v2 with: name: TruffleHog Results path: trufflehog_result.txt + - name: Add output to Job Summary run: cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY shell: bash + - name: Check file size run: | FILE_PATH="trufflehog_result.txt" From e89712cff4b74a0bea0df8e51c194fdf3371067c Mon Sep 17 00:00:00 2001 
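Review bot: `--token=$PAT_TOKEN` puts the personal access token on the `docker run` argument line, where it is visible in the container's argv (`docker inspect`, `ps` on the runner) for the life of the scan; passing it through the container environment instead, `-e GITHUB_TOKEN="$PAT_TOKEN"`, avoids that, provided the image reads the token from the environment, which I believe the `github` source does for `GITHUB_TOKEN` — confirm against the TruffleHog release in use. The token is also defined at job level (the `env:` block in this patch's first hunk), so it is exported into every step including the third-party `actions/checkout@v2` and `actions/upload-artifact@v2`; moving `PAT_TOKEN` into this step's own `env:` confines it to the one command that needs it, and `ORG_NAME` in the same block is not referenced by any hunk in this series. Scanning through the GitHub API over the network also leaves the `-v "$PWD:/pwd"` mount of the checked-out workspace unused. The `$?` guard below the command is still dead under the runner's default `bash -e`.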
From: Souradip Ghosh Date: Mon, 18 Mar 2024 20:06:44 +0530 Subject: [PATCH 42/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 5d99461..26668c3 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -14,7 +14,7 @@ jobs: run: | echo $GITHUB_REPOSITORY echo "Branch name is ${GITHUB_REF##*/}" - docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo=https://github.com/$GITHUB_REPOSITORY --token=$PAT_TOKEN > trufflehog_result.txt + docker run --rm -e DOCKER_TTY=0 -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --repo=https://github.com/$GITHUB_REPOSITORY --token=$PAT_TOKEN --only-verified > trufflehog_result.txt # Add error handling if the previous command fails if [ $? -ne 0 ]; then echo "Trufflehog execution failed" From 7e4f5ed681a7f0bd57bac60affa7567e9fb444cd Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:29:14 +0530 Subject: [PATCH 43/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 26668c3..8447574 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
@@ -30,6 +30,17 @@ jobs: - name: Add output to Job Summary run: cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY shell: bash + + - name: Add a comment to the PR + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + COMMENT: $(cat comment.txt) + run: | + curl -X POST \ + -H "Authorization: token $GH_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"body\": \"$COMMENT\"}" \ + "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments" - name: Check file size run: | From 6f4c8935fa96df566729019daaf8faa9568fd006 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:33:00 +0530 Subject: [PATCH 44/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 8447574..f189483 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -30,11 +30,17 @@ jobs: - name: Add output to Job Summary run: cat trufflehog_result.txt >> $GITHUB_STEP_SUMMARY shell: bash - + + - name: Read comment from file + id: read-comment + run: | + COMMENT=$(cat trufflehog_result.txt) + echo "::set-output name=comment::$COMMENT" + - name: Add a comment to the PR env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - COMMENT: $(cat comment.txt) + COMMENT: ${{ steps.read-comment.outputs.comment }} run: | curl -X POST \ -H "Authorization: token $GH_TOKEN" \ From 482f6181b010b459b377a0993d5735c459a29e22 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:36:25 +0530 Subject: [PATCH 45/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index f189483..1e7fced 100644 
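Review bot: `COMMENT: $(cat comment.txt)` under `env:` is never shell-evaluated — workflow `env` values are plain strings — so `$COMMENT` in the script holds the literal text `$(cat comment.txt)` and that is what gets posted. The request body is assembled by string interpolation, `-d "{\"body\": \"$COMMENT\"}"`, so any quote or newline in the scanner output breaks the JSON and nothing is escaped; build it with `-d "$(jq -n --arg body "$COMMENT" '{body: $body}')"`. More importantly, this posts the scanner's output, which as far as I recall includes the raw match, as a comment on the pull request, readable by everyone who can see the PR; post a count or the detector/file/line metadata and keep the matched value out of it. The workflow still triggers on `push` (patch 4), where `github.event.pull_request.number` is empty and the URL becomes `/issues//comments`, so the step wants `if: github.event_name == 'pull_request'`, and the job needs `permissions: pull-requests: write` for `GITHUB_TOKEN` to comment at all.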
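Review bot: `echo "::set-output name=comment::$COMMENT"` has two problems: `set-output` is deprecated in favour of writing to `$GITHUB_OUTPUT`, and a multi-line `$COMMENT` only carries its first line into the output — the remaining lines are printed to the step log as ordinary text. A multiline output keeps the whole value, `{ echo "comment<<EOF"; cat trufflehog_result.txt; echo "EOF"; } >> "$GITHUB_OUTPUT"`, if the value is needed at all; the next step could simply read the file. Step outputs are not covered by the masking that protects `secrets.*`, so a credential in the scan result travels through this path in clear; keep the raw match out of whatever is handed on.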
--- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -39,7 +39,7 @@ jobs: - name: Add a comment to the PR env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.PAT_TOKEN }} COMMENT: ${{ steps.read-comment.outputs.comment }} run: | curl -X POST \ From eaa9c962b5f9675d4c13e093c1b78e78464aa0bb Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:39:19 +0530 Subject: [PATCH 46/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 1e7fced..a06277d 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -42,6 +42,7 @@ jobs: GH_TOKEN: ${{ secrets.PAT_TOKEN }} COMMENT: ${{ steps.read-comment.outputs.comment }} run: | + COMMENT=$(echo "$COMMENT" | base64 -d) curl -X POST \ -H "Authorization: token $GH_TOKEN" \ -H "Content-Type: application/json" \ From 0d393fe49a4dab8d3b5a1157f054bbe6461013d1 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:43:28 +0530 Subject: [PATCH 47/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index a06277d..3941603 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml 
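Review bot: Swapping the ephemeral `secrets.GITHUB_TOKEN` for the long-lived `secrets.PAT_TOKEN` to post a comment widens the blast radius of a compromised run (a PAT typically carries the user's permissions across repositories, while the job token expires with the run), and it is not what fixes the call: a 403 from `GITHUB_TOKEN` here is normally the job's `permissions` (add `permissions: pull-requests: write`), and a 404 is the empty PR number on a `push` event, which a PAT cannot help with. Keep `GITHUB_TOKEN` and check the HTTP status with `curl --fail-with-body` so the real error shows in the log. The `base64 -d` added in patch 46 decodes a value that, at that revision, is still read as plain text by patch 44's `COMMENT=$(cat trufflehog_result.txt)`, so it fails until patch 47 adds the encoding.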
@@ -34,14 +34,15 @@ jobs: - name: Read comment from file id: read-comment run: | - COMMENT=$(cat trufflehog_result.txt) - echo "::set-output name=comment::$COMMENT" - + COMMENT=$(cat comment.txt | base64) + echo "::set-output name=comment::$COMMENT" + - name: Add a comment to the PR env: - GH_TOKEN: ${{ secrets.PAT_TOKEN }} - COMMENT: ${{ steps.read-comment.outputs.comment }} + GH_TOKEN: ${{ secrets.GH_TOKEN }} + COMMENT: ${{ steps.read-comment.outputs.comment }} run: | + echo ${GITHUB_REPOSITORY} COMMENT=$(echo "$COMMENT" | base64 -d) curl -X POST \ -H "Authorization: token $GH_TOKEN" \ From 98fdf949589c49bb2f632f682cac71db6f2849a9 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:47:15 +0530 Subject: [PATCH 48/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 3941603..b9915e6 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -42,13 +42,13 @@ jobs: GH_TOKEN: ${{ secrets.GH_TOKEN }} COMMENT: ${{ steps.read-comment.outputs.comment }} run: | - echo ${GITHUB_REPOSITORY} + echo $GITHUB_REPOSITORY COMMENT=$(echo "$COMMENT" | base64 -d) curl -X POST \ -H "Authorization: token $GH_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"body\": \"$COMMENT\"}" \ - "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments" + "https://api.github.com/repos/$GITHUB_REPOSITORY/issues/${{ github.event.pull_request.number }}/comments" - name: Check file size run: | From 1429b13f769adda943baa75ce52aaad7406da24c Mon Sep 17 00:00:00 2001 
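Review bot: `COMMENT=$(cat comment.txt | base64)` yields a line-wrapped value (GNU base64 wraps at 76 columns), so for any result longer than 57 bytes the `::set-output` on the next line receives only the first encoded line and the consumer's `base64 -d` decodes a truncated string; use `base64 -w0 comment.txt` (the same applies to patch 50's `cat trufflehog_result.txt | base64`). `comment.txt` is not written by any step in this series — the scanner writes `trufflehog_result.txt` — so unless it exists outside the visible hunks the `cat` fails. This is the third token (`GH_TOKEN` after `GITHUB_TOKEN` and `PAT_TOKEN`) in as many commits, and patches 48 and 49 then toggle `${GITHUB_REPOSITORY}`/`$GITHUB_REPOSITORY`, which is a no-op in bash; the curl call has no `-f`/`--fail-with-body` and its response is never inspected, so the step goes green on 401/404/422 and the actual failure is invisible. Add `curl -sS --fail-with-body` and read the status from the log instead of rotating credentials. The `echo ${GITHUB_REPOSITORY}` diagnostic is harmless but redundant.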
From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:49:12 +0530 Subject: [PATCH 49/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index b9915e6..22b0aa2 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -39,7 +39,7 @@ jobs: - name: Add a comment to the PR env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} + GH_TOKEN: ${{ secrets.PAT_TOKEN }} COMMENT: ${{ steps.read-comment.outputs.comment }} run: | echo $GITHUB_REPOSITORY @@ -48,7 +48,7 @@ jobs: -H "Authorization: token $GH_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"body\": \"$COMMENT\"}" \ - "https://api.github.com/repos/$GITHUB_REPOSITORY/issues/${{ github.event.pull_request.number }}/comments" + "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments" - name: Check file size run: | From 7a12650ee0921b8cf98ce22f71eed13af6a404c8 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:51:17 +0530 Subject: [PATCH 50/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 22b0aa2..692b859 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -34,7 +34,7 @@ jobs: - name: Read comment from file id: read-comment run: | - COMMENT=$(cat comment.txt | base64) + COMMENT=$(cat trufflehog_result.txt | base64) echo "::set-output name=comment::$COMMENT" - name: Add a comment to the PR 
@@ -42,7 +42,7 @@ jobs: GH_TOKEN: ${{ secrets.PAT_TOKEN }} COMMENT: ${{ steps.read-comment.outputs.comment }} run: | - echo $GITHUB_REPOSITORY + echo ${{ github.event.pull_request.number }} COMMENT=$(echo "$COMMENT" | base64 -d) curl -X POST \ -H "Authorization: token $GH_TOKEN" \ From 43d9221bc7868034fdc7813f8f86748aea3c3cca Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 17:59:34 +0530 Subject: [PATCH 51/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 692b859..bbd300e 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -44,11 +44,13 @@ jobs: run: | echo ${{ github.event.pull_request.number }} COMMENT=$(echo "$COMMENT" | base64 -d) - curl -X POST \ - -H "Authorization: token $GH_TOKEN" \ - -H "Content-Type: application/json" \ - -d "{\"body\": \"$COMMENT\"}" \ - "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments" + curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/comments \ + -d '{"body":"Great stuff!","commit_id":"${{ steps.commit_sha.outputs.sha }}","path":"file1.txt","start_line":1,"start_side":"RIGHT","line":2,"side":"RIGHT"}' - name: Check file size run: | From f50857fd9033af92fc30ca28a9b1d67921b94ee0 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 18:01:26 +0530 Subject: [PATCH 52/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
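Review bot: The new request targets `pulls/{n}/comments`, which creates a review comment anchored to `path`/`line` in the PR diff, with a hard-coded `"body":"Great stuff!"` and `"path":"file1.txt"`, so the decoded `$COMMENT` two lines up is never used and the API rejects the call (422) unless `file1.txt` is in the diff at that line; `steps.commit_sha.outputs.sha` refers to a step id that appears nowhere in this patch series, so `commit_id` is empty unless it is defined outside the visible hunks. `${{ secrets.GITHUB_TOKEN }}` is now interpolated straight into the script while `GH_TOKEN` sits unused in `env:`; keep the token in `env:` and reference `$GH_TOKEN`. For a findings summary the issue-comment endpoint of the previous revision is the right one, with `PULL_NUMBER: ${{ github.event.pull_request.number }}` added to the step's `env:`, the body built with jq so scanner output cannot break the JSON, and only metadata (not the raw match) placed in `$COMMENT`. The rewritten call:
```yaml
          # … unchanged: echo / base64 -d lines …
          curl -sS --fail-with-body -L \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GH_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${PULL_NUMBER}/comments" \
            -d "$(jq -n --arg body "$COMMENT" '{body: $body}')"
```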
diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index bbd300e..5a37f01 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -43,14 +43,13 @@ jobs: COMMENT: ${{ steps.read-comment.outputs.comment }} run: | echo ${{ github.event.pull_request.number }} - COMMENT=$(echo "$COMMENT" | base64 -d) curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/comments \ - -d '{"body":"Great stuff!","commit_id":"${{ steps.commit_sha.outputs.sha }}","path":"file1.txt","start_line":1,"start_side":"RIGHT","line":2,"side":"RIGHT"}' + -d '{"body":"Great stuff!","commit_id":"${{ steps.commit_sha.outputs.sha }}","path":"trufflehog_result.txt","start_line":1,"start_side":"RIGHT","line":2,"side":"RIGHT"}' - name: Check file size run: | From af75c44bb55bc5301452a1ee3ab7be8cef9af695 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 18:05:07 +0530 Subject: [PATCH 53/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 5a37f01..c45af11 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -34,7 +34,7 @@ jobs: - name: Read comment from file id: read-comment run: | - COMMENT=$(cat trufflehog_result.txt | base64) + COMMENT=$(cat trufflehog_result.txt) echo "::set-output name=comment::$COMMENT" - name: Add a comment to the PR From 96432f28b2a90a8e72777da0bd11d3b988ed44b6 Mon Sep 17 00:00:00 2001 
From: Souradip Ghosh Date: Tue, 26 Mar 2024 18:10:57 +0530 Subject: [PATCH 54/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index c45af11..3d41357 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -41,15 +41,20 @@ jobs: env: GH_TOKEN: ${{ secrets.PAT_TOKEN }} COMMENT: ${{ steps.read-comment.outputs.comment }} + PULL_NUMBER: ${{ github.event.pull_request.number }} + COMMIT_ID: ${{ steps.commit_sha.outputs.sha }} run: | - echo ${{ github.event.pull_request.number }} + echo PULL_NUMBER + echo "$PULL_NUMBER" + echo COMMIT_ID + echo "$COMMIT_ID" curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/comments \ - -d '{"body":"Great stuff!","commit_id":"${{ steps.commit_sha.outputs.sha }}","path":"trufflehog_result.txt","start_line":1,"start_side":"RIGHT","line":2,"side":"RIGHT"}' + https://api.github.com/repos/${{ github.repository }}/pulls/$PULL_NUMBER/comments \ + -d '{"body":"Great stuff!","commit_id":"$COMMIT_ID","path":"trufflehog_result.txt","start_line":1,"start_side":"RIGHT","line":2,"side":"RIGHT"}' - name: Check file size run: | From 51146416431b44fe5a309b96683b36009d6e0f3c Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 18:15:28 +0530 Subject: [PATCH 55/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 3d41357..692da42 100644 
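Review bot: The `-d '...'` payload is single-quoted, so `$COMMIT_ID` is sent as the literal five-character string rather than the value now exported through `env:`; the `echo PULL_NUMBER` and `echo COMMIT_ID` lines likewise print the variable names, not their values (the quoted `echo "$PULL_NUMBER"` lines under them are the useful ones). Build the JSON from the variables instead of juggling quotes: `-d "$(jq -n --arg c "$COMMIT_ID" '{body:"Great stuff!",commit_id:$c,path:"trufflehog_result.txt",start_line:1,start_side:"RIGHT",line:2,side:"RIGHT"}')"`. The body and path are still placeholders and `steps.commit_sha` is still not defined in any visible hunk, so even with the expansion fixed the review-comment call cannot succeed; the `Authorization` header also still interpolates `${{ secrets.GITHUB_TOKEN }}` while `GH_TOKEN` in `env:` goes unused.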
--- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -41,7 +41,7 @@ jobs: env: GH_TOKEN: ${{ secrets.PAT_TOKEN }} COMMENT: ${{ steps.read-comment.outputs.comment }} - PULL_NUMBER: ${{ github.event.pull_request.number }} + PULL_NUMBER: ${{ github.event.number }} COMMIT_ID: ${{ steps.commit_sha.outputs.sha }} run: | echo PULL_NUMBER @@ -53,7 +53,7 @@ jobs: -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/${{ github.repository }}/pulls/$PULL_NUMBER/comments \ + https://api.github.com/repos/${{ github.repository }}/pulls/${ PULL_NUMBER }/comments \ -d '{"body":"Great stuff!","commit_id":"$COMMIT_ID","path":"trufflehog_result.txt","start_line":1,"start_side":"RIGHT","line":2,"side":"RIGHT"}' - name: Check file size From 0e546de8dc2cb3810994d094abefd45bcc3969e9 Mon Sep 17 00:00:00 2001 From: Souradip Ghosh Date: Tue, 26 Mar 2024 18:16:59 +0530 Subject: [PATCH 56/56] Update trufflehog-secret-scan.yaml --- .github/workflows/trufflehog-secret-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trufflehog-secret-scan.yaml b/.github/workflows/trufflehog-secret-scan.yaml index 692da42..e4e198d 100644 --- a/.github/workflows/trufflehog-secret-scan.yaml +++ b/.github/workflows/trufflehog-secret-scan.yaml @@ -45,9 +45,9 @@ jobs: COMMIT_ID: ${{ steps.commit_sha.outputs.sha }} run: | echo PULL_NUMBER - echo "$PULL_NUMBER" + echo ${{ github.event.number }} echo COMMIT_ID - echo "$COMMIT_ID" + echo ${{ steps.commit_sha.outputs.sha }} curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \
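Review bot: `${ PULL_NUMBER }` in the second hunk's URL is not valid shell — bash aborts the step with `bad substitution` before curl runs — so the removed `$PULL_NUMBER` (or `${PULL_NUMBER}`) must be restored. The first hunk's `github.event.number` is only populated on `pull_request`/`pull_request_target` events; if the workflow still runs on `push` (patch 4's `on: push`, unless changed outside these hunks) both it and `github.event.pull_request.number` are empty, which is the more likely reason the URL has been failing, and guarding the step with `if: github.event_name == 'pull_request'` makes that explicit. Patch 56's switch from `echo "$PULL_NUMBER"` to `echo ${{ github.event.number }}` prints the same value and leaves the URL bug in place.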