From db5a9a838f099d0e4ef694183dd3fa35809a8b76 Mon Sep 17 00:00:00 2001
From: Jeffrey Hung <17494876+Jeffreyhung@users.noreply.github.com>
Date: Thu, 31 Oct 2024 01:05:22 +0800
Subject: [PATCH] Update Secret Scan Log Forwarding (#146)

* send failed result to panther
* rename variables
* remove unnecessary `<`
* add continue on error
* send logs to panther for all scans
* remove redundant "
* bump trufflehog to 3.82.13
* missing double quote
---
 .github/workflows/secret-scan.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
index b327bff..175dba4 100644
--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -29,8 +29,8 @@ jobs:
 # echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
 # echo "latest_release=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
 run: |
- echo "latest_tag_name=v3.80.3" >> "$GITHUB_OUTPUT"
- echo "latest_release=3.80.3" >> "$GITHUB_OUTPUT"
+ echo "latest_tag_name=v3.82.13" >> "$GITHUB_OUTPUT"
+ echo "latest_release=3.82.13" >> "$GITHUB_OUTPUT"
 - name: Download and verify TruffleHog release
 run: |
@@ -64,11 +64,10 @@ jobs:
 fi
 - name: Send Alert to Panther
 id: alert
- if: steps.scan.outcome != 'success'
 run: |
 curl "${{vars.SECRET_SCAN_PANTHER_WEBHOOK_URL}}" \
 --header "Authorization: Bearer ${{ secrets.SECRET_SCAN_PANTHER_WEBHOOK_HEADER }}" \
- --data '{"event":"github_secret_scanning_failed", createdAt:"${{ github.event.pull_request.created_at }}", "repo":"${{ github.repository }}","pull_request":"https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}"","actor":"${{ github.event.pull_request.user.login }}"}'
+ --data '{"event":"github_secret_scanning", "status":${{steps.scan.outcome}}, "createdAt":"${{ github.event.pull_request.created_at }}", "repo":"${{ github.repository }}","pull_request":"https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}","actor":"${{ github.event.pull_request.user.login }}"}'
 - name: Fail workflow if secret detected
 if: steps.scan.outcome != 'success'
 run: exit 1
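Review bot: The new `--data` line emits invalid JSON, because `"status":${{steps.scan.outcome}}` expands to a bare word such as `success` or `failure` with no quotes around it; change it to `"status":"${{ steps.scan.outcome }}",` so the receiver can actually parse the event. The `curl` call carries no `--fail` or `--max-time`, so a rejected or hanging delivery looks identical to a successful one in the workflow log; `curl --fail --max-time 30 "${{vars.SECRET_SCAN_PANTHER_WEBHOOK_URL}}" \` would make forwarding failures visible. With the `if:` guard removed, this step only reaches a failed scan if the scan step itself does not stop the job — the commit message mentions `continue-on-error`, but that step is outside this hunk, so it is worth confirming on the `scan` step. As a hardening measure, the interpolated `github.event.*` values would be safer passed through `env:` than expanded directly into the shell command, although the fields used here are tightly constrained by GitHub.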