Diffstat (limited to '.github/workflows/secret-scanner.yml')
-rw-r--r-- | .github/workflows/secret-scanner.yml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/.github/workflows/secret-scanner.yml b/.github/workflows/secret-scanner.yml
new file mode 100644
index 0000000..8210953
--- /dev/null
+++ b/.github/workflows/secret-scanner.yml
@@ -0,0 +1,30 @@
+# Secret-scanner workflow from Arista Networks.
+on:
+ pull_request:
+ types: [synchronize]
+ push:
+ branches:
+ - main
+name: Secret Scanner (go/secret-scanner)
+jobs:
+ scan_secret:
+ name: Scan incoming changes
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/aristanetworks/secret-scanner-service:main
+ options: --name sss-scanner
+ steps:
+ - name: Checkout ${{ github.ref }}
+ # Hitting https://github.com/actions/checkout/issues/334 so trying v1
+ uses: actions/checkout@v1
+ with:
+ fetch-depth: 0
+ - name: Run scanner
+ run: |
+ git config --global --add safe.directory $GITHUB_WORKSPACE
+ scanner commit . github ${{ github.repository }} \
+ --markdown-file job_summary.md \
+ ${{ github.event_name == 'pull_request' && format('--since-commit {0}', github.event.pull_request.base.sha) || ''}}
+ - name: Write result to summary
+ run: cat ./job_summary.md >> $GITHUB_STEP_SUMMARY
+ if: ${{ always() }} |
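Review bot: The `pull_request` trigger lists only `synchronize`, so a pull request that is opened and merged without a further push is scanned only by the `push` run on `main`, after any secret is already in history; `types: [opened, reopened, synchronize]` would also cover the initial commits. The container image is referenced by the mutable tag `:main` and the workflow declares no `permissions:` block, so whatever that tag resolves to can run with the repository's default token scope. Consider pinning by digest (`image: ghcr.io/aristanetworks/secret-scanner-service@sha256:<digest>`, placeholder) and adding a top-level `permissions:` with `contents: read`. The `${{ ... }}` expressions in the `run:` script are substituted before the shell parses it; the values used here are tightly constrained, but passing them through `env:` and quoting `"$GITHUB_WORKSPACE"` keeps the step safe if it is extended later.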