4949 # -Dsonar.host.url=https://sonarcloud.io
5050 # -Dsonar.login=${{ secrets.SONAR_TOKEN }}
5151
52- # Step: Install TruffleHog CLI
5352 - name : Install TruffleHog CLI
5453 run : |
54+ echo "Installing TruffleHog CLI..."
5555 wget https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.11/trufflehog_3.90.11_linux_amd64.tar.gz -O trufflehog.tar.gz
5656 tar -xvf trufflehog.tar.gz
5757 chmod +x trufflehog
@@ -60,19 +60,17 @@ jobs:
6060 echo "$HOME/.local/bin" >> $GITHUB_PATH
6161 trufflehog --version
6262
63- # Step: Run TruffleHog Secret Scan
6463 - name : Run TruffleHog Secret Scan
6564 run : |
6665 echo "Running TruffleHog secret scan..."
67- trufflehog filesystem --directory=. --json > trufflehog_output.json || true
66+ trufflehog . > scan_output.log 2>&1 || true
6867
69- # Check if any secrets were found
70- if grep -q '"DetectorType":' trufflehog_output.json; then
71- echo "Secrets detected! Please remove hardcoded credentials or API keys before proceeding."
72- cat trufflehog_output.json | jq '.Results[] | {Source, DetectorName, Raw}' || true
73- exit 1
68+ if grep -q "verified_secrets\":0" scan_output.log && ! grep -q "verified_secrets\" : [1-9]" scan_output.log; then
69+ echo "No secrets found. Proceeding to next stage..."
7470 else
75- echo "No secrets found! Proceeding to next stage..."
71+ echo "Secrets detected! Please remove hardcoded credentials or API keys."
72+ cat scan_output.log
73+ exit 1
7674 fi
7775
7876 # Snyk Scan - SCA
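Review bot: In the "Run TruffleHog Secret Scan" step the pass/fail decision now comes from grepping `scan_output.log` for a summary string while `|| true` discards the scanner's own exit status, so the gate depends on the exact log format; the two patterns already disagree on spacing (`verified_secrets\":0` versus `verified_secrets\" : [1-9]`). The new invocation `trufflehog .` also drops the `filesystem` subcommand the removed line used, which as far as I know TruffleHog v3 requires, so a usage error would land in the `else` branch and be reported as "Secrets detected!". Only verified findings are counted now, whereas the old check failed on any detector hit; if that narrowing is intended it should be stated in the step. Letting the tool decide is sturdier: `status=0; trufflehog filesystem . --fail > scan_output.log 2>&1 || status=$?` followed by `if [ "$status" -eq 0 ]; then`. Separately, `cat scan_output.log` copies the raw findings into the job log, which anyone who can read the workflow runs can see; print only the detector name and file path, or keep the log as an access-restricted artifact.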