Description
Hi There,
I have the trufflehog binary installed and executing the binary with the following flags returns several identified secrets within the directory. This was run in a directory that has our app code.
```sh
trufflehog --no-verification --no-update --fail filesystem .
```
I tried to implement the trufflehog action to perform the same scan and return the same results using the following workflow:
```yaml
name: "TruffleHog OSS"
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  TruffleHog:
    runs-on: self-hosted
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          repository: 'company/app'
          ref: 'master'
          token: '${{ secrets.GH_TOKEN }}'
          fetch-depth: 0
      - run: ls -la
      - name: TruffleHog OSS
        uses: trufflesecurity/trufflehog@main
        with:
          path: ./
          base: master
          head: HEAD
          extra_args: --debug --no-verification
```
The `ls` step was included to confirm that the checkout action correctly clones our application code from the configured repository; however, the trufflehog step returns the following:
```
🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
2023-03-02T18:23:41Z info-1 trufflehog scanning repo {"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "repo": "https://github.com/company_name/app", "base": "87cd88cd803464a0b39fd431ee02287f06ae9572", "head": "87cd88cd803464a0b39fd431ee02287f06ae9572"}
2023-03-02T18:23:41Z info-1 trufflehog reached base commit {"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "repo": "https://github.com/company_name/webapp", "commit": "87cd88cd803464a0b39fd431ee02287f06ae9572"}
2023-03-02T18:23:41Z info-1 trufflehog scanning staged changes {"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "path": "./"}
2023-03-02T18:23:41Z info-1 trufflehog scanning git repo complete {"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "Repo": "https://github.com/company_name/webapp", "path": "./", "time": 14662608}
2023-03-02T18:23:42Z info-2 trufflehog finished scanning {"chunks": 0, "bytes": 0}
2023/03/02 18:23:42 [updater parent] prog exited with 0
```
No secrets are found whereas executing the binary locally identifies several secrets and presents them in the following format:
```
Found unverified result 🐷🔑❓
Detector Type: Postmark
Decoder Type: PLAIN
Raw result: d2589a75-83e8-4a5f-sjf9-37cc21a3449a
File: file/Controller/Company_Controller.php
```
Do you see any problem with the action implementation? Can anyone share examples that work?
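The CI log quoted above reports `base` and `head` resolving to the same commit and a run that finished with `"chunks": 0`, i.e. the scanner examined nothing. The following added checker is not part of the issue, of the trufflehog action, or of trufflehog itself: it parses trufflehog's `info-N` log lines (the constructed sample below reuses the hashes shown in the issue) and explains why a scan came back empty, so a pipeline can fail loudly instead of reporting a silent clean result.

```python
import json
import re
from typing import Dict, List

# Matches trufflehog's info lines: "<RFC3339 ts> info-<n> trufflehog <message> {json}"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+info-(?P<level>\d+)\s+trufflehog\s+(?P<msg>.*?)\s+(?P<json>\{.*\})\s*$"
)

# Constructed sample modelled on the CI output quoted in the issue (same commit hash as there).
SAMPLE_LOG = """\
2023-03-02T18:23:41Z info-1 trufflehog scanning repo {"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "repo": "https://github.com/company_name/app", "base": "87cd88cd803464a0b39fd431ee02287f06ae9572", "head": "87cd88cd803464a0b39fd431ee02287f06ae9572"}
2023-03-02T18:23:41Z info-1 trufflehog reached base commit {"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "repo": "https://github.com/company_name/webapp", "commit": "87cd88cd803464a0b39fd431ee02287f06ae9572"}
2023-03-02T18:23:42Z info-2 trufflehog finished scanning {"chunks": 0, "bytes": 0}
2023/03/02 18:23:42 [updater parent] prog exited with 0
"""


def parse_log(text: str) -> List[Dict]:
    """Return one dict per trufflehog info line: the JSON fields plus the message under '_msg'."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # banner, updater noise and anything else that is not an info line
        fields = json.loads(m.group("json"))
        fields["_msg"] = m.group("msg")
        events.append(fields)
    return events


def empty_scan_reasons(text: str) -> List[str]:
    """Explain why a CI scan found nothing: an empty commit range and/or zero scanned chunks."""
    reasons = []
    for ev in parse_log(text):
        # base == head means the diff range covers no commits, so no content is scanned
        if ev["_msg"] == "scanning repo" and ev.get("base") and ev.get("base") == ev.get("head"):
            reasons.append(f"base and head both resolve to {ev['base'][:12]}: no commits to diff")
        # a finished scan with zero chunks examined nothing, whatever the cause
        if ev["_msg"] == "finished scanning" and ev.get("chunks", 0) == 0:
            reasons.append("scanner finished with 0 chunks: no content was examined")
    return reasons


if __name__ == "__main__":
    for reason in empty_scan_reasons(SAMPLE_LOG):
        print("WARNING:", reason)
```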