
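# A workflow that runs security scanners to audit the repo
# 1. Gitleaks secret scan
---
name: Security Audits Workflow

on:  # yamllint disable-line rule:truthy
  pull_request:
    branches: ["main"]
  schedule:
    # Weekly: Sundays at 12:42 UTC
    - cron: '42 12 * * 0'
  workflow_dispatch:

env:
  # Not referenced by any step in this file; kept so any consumer that
  # already expects it keeps working.
  BRANCH_NAME: ${{ github.ref_name }}

# Default token scope for every job: read-only.
permissions:
  contents: read

jobs:
  gitleaks:
    permissions:
      contents: read  # for actions/checkout to fetch code
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Bounds a hung runner; a full-history scan should finish well within this.
    timeout-minutes: 30
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Restrict the runner's egress and privileges before any repo code runs.
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          disable-sudo: true
          egress-policy: block
          disable-telemetry: false
          # NOTE(review): with a blocking policy only github.com:443 is
          # allowed here; confirm from a run's harden-runner summary that the
          # gitleaks binary download and the artifact upload are not blocked.
          allowed-endpoints: >
            github.com:443
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it.
      # Full history (fetch-depth: 0) so gitleaks can scan every commit, not just HEAD.
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
      - name: Run Gitleaks
        id: gitleaks
        uses: DariuszPorowski/github-action-gitleaks@5c3e70f794d4c928460daf621eff608f477c2510 # v2.0.9
        with:
          report_format: csv
          # Findings do not fail the job: the PR check stays green and the
          # result is only surfaced through the outputs and the artifact below.
          fail: false
      # (optional) It's just to see outputs from the Action.
      # Outputs are passed through `env` and expanded by the shell instead of
      # being templated into the script with ${{ }}: on pull_request the
      # scanned content (and so parts of these outputs) is controlled by the
      # PR author, and a templated value would be interpreted by the shell.
      - name: Get the output from the gitleaks step
        env:
          GL_EXITCODE: ${{ steps.gitleaks.outputs.exitcode }}
          GL_RESULT: ${{ steps.gitleaks.outputs.result }}
          GL_OUTPUT: ${{ steps.gitleaks.outputs.output }}
          GL_COMMAND: ${{ steps.gitleaks.outputs.command }}
          GL_REPORT: ${{ steps.gitleaks.outputs.report }}
        run: |
          echo "exitcode: $GL_EXITCODE"
          echo "result: $GL_RESULT"
          echo "output: $GL_OUTPUT"
          echo "command: $GL_COMMAND"
          echo "report: $GL_REPORT"
      # Runs only when gitleaks reported findings (exit code 1).
      - name: Upload Gitleaks report as attachment
        if: steps.gitleaks.outputs.exitcode == 1
        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
        with:
          # Named for what it holds: report_format above is csv, not SARIF.
          name: gitleaks results CSV
          path: ${{ steps.gitleaks.outputs.report }}
          # The report can contain the matched secret values; keep it short-lived.
          retention-days: 7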