1 file changed +13 -2 lines changed
4949 # -Dsonar.host.url=https://sonarcloud.io
5050 # -Dsonar.login=${{ secrets.SONAR_TOKEN }}
5151
52+ # Step: Install TruffleHog CLI
5253 - name : Install TruffleHog CLI
5354 run : |
5455 wget https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.11/trufflehog_3.90.11_linux_amd64.tar.gz -O trufflehog.tar.gz
@@ -58,11 +59,21 @@ jobs:
5859 mv trufflehog ~/.local/bin/
5960 echo "$HOME/.local/bin" >> $GITHUB_PATH
6061 trufflehog --version
61-
62+
63+ # Step: Run TruffleHog Secret Scan
6264 - name : Run TruffleHog Secret Scan
6365 run : |
6466 echo "Running TruffleHog secret scan..."
65- trufflehog filesystem --directory=. || true
67+ trufflehog filesystem --directory=. --json > trufflehog_output.json || true
68+
69+ # Check if any secrets were found
70+ if grep -q '"DetectorType":' trufflehog_output.json; then
71+ echo "Secrets detected! Please remove hardcoded credentials or API keys before proceeding."
72+ cat trufflehog_output.json | jq '.Results[] | {Source, DetectorName, Raw}' || true
73+ exit 1
74+ else
75+ echo "No secrets found! Proceeding to next stage..."
76+ fi
6677
6778 # Snyk Scan - SCA
6879 # - name: Download Snyk CLI
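Review bot: The `jq` line in the new "Secrets detected" branch prints the `Raw` field, which writes every detected credential in clear text into the workflow log, readable by anyone who can view the run; report only the detector and location instead, e.g. `jq -c '{DetectorName, SourceMetadata}' trufflehog_output.json`. TruffleHog's `--json` output is, as far as I know, one JSON object per line rather than a document with a `Results` array, so the `.Results[]` filter probably fails and the trailing `|| true` hides that. The `|| true` on the scan line also makes the step fail open: if trufflehog errors out or writes nothing, the `grep -q '"DetectorType":'` check finds no match and the job prints "No secrets found!". I would drop `|| true` from the scan and tell a scanner error apart from findings, for example with trufflehog's `--fail` flag, which exits non-zero when results are found. `trufflehog_output.json` holds the raw secrets as well, so it should be deleted at the end of the step and never uploaded as an artifact.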