-
Notifications
You must be signed in to change notification settings - Fork 0
45 lines (39 loc) · 1.34 KB
/
gitleaks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
name: Gitleaks Scan
on:
push:
branches:
- main
permissions:
id-token: write # This is required for requesting the JWT
contents: read
jobs:
gitleaks_scan:
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
steps:
- name: Checkout code
uses: actions/checkout@v3
# - name: configure aws credentials
# uses: aws-actions/configure-aws-credentials@v2.0.0
# with:
# role-to-assume: arn:aws:iam::950579715744:role/security-lake-demo-github-action
# role-session-name: GitHub_to_AWS_via_FederatedOIDC
# aws-region: "us-east-1"
# # Hello from AWS: WhoAmI
# - name: Sts GetCallerIdentity
# run: |
# aws sts get-caller-identity
- name: Install Gitleaks
run: |
wget https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_linux_x64.tar.gz
tar -xzvf gitleaks_8.17.0_linux_x64.tar.gz
chmod +x gitleaks
- name: Run Gitleaks
run: |
./gitleaks detect -v --report-format json --redact --no-git --source . --report-path report.json --exit-code 0
- name: Upload to security Hub
run: |
pip install boto3==1.27.0 pydantic==2.0.1
python ./upload_data_to_security_hub.py