A Github action to scan your entire codebase for sensitive information such as emails, SSH keys and, AWS secrets and others.
name: 'Check for sensitive data'
on: pull_request
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: Vannevelj/sensitivity@v1.11
with:
path: src
token: ${{ secrets.GITHUB_TOKEN }}
ignorePaths: '["src/__tests__/checker.*.test.ts"]'
ignoreEmails: '[".*@example.com"]'
See it on the Marketplace: https://github.com/marketplace/actions/sensitive-data-check
| Parameter | Required | Description |
|---|---|---|
| path | Yes | The path to your root folder, e.g. src |
| token | Yes | Github authentication token, i.e. ${{ secrets.GITHUB_TOKEN }} |
| ignorePaths | No | Array of globs for paths that will be ignored |
| ignoreEmails | No | Array of email patterns (regex) that will be ignored |
Install the dependencies
npm installBuild the typescript and package it for distribution
npm run allRun the tests
npm testActions are run from GitHub repos so we will checkin the packed dist folder. To generate the updated code, execute the following:
npm run allYou just need to push them and manually create a new release inside Github.
After testing you can create a v1 tag to reference the stable and latest V1 action