Add action documentation (#439)

trufflesecurity · Apr 21, 2022 · f7f8b2d · f7f8b2d
1 parent 5b6c9f7
commit f7f8b2d
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -147,6 +147,41 @@ Try scanning an entire GitHub organization with the following:
 docker run -it -v "$PWD:/pwd" trufflesecurity/trufflehog:latest github --org=trufflesecurity
 ```
 
+### TruffleHog OSS Github Action
+
+```- name: TruffleHog OSS
+  uses: trufflesecurity/trufflehog@v3.3.3
+  with:
+    # Repository path
+    path: 
+    # Start scanning from here (usually main branch).
+    base: 
+    # Scan commits until here (usually dev branch).
+    head: # optional
+```
+
+The TruffleHog OSS Github Action can be used to scan a range of commits for leaked credentials. The action will fail if
+any results are found.
+
+For example, to scan the contents of pull requests you could use the following workflow:
+```yaml
+name: Leaked Secrets Scan
+on: [pull_request]
+jobs:
+  TruffleHog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@v3.3.4
+        with:
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
+```
 
 ## Contributors