Skip to content

Commit 2ccddea

Browse files
committed
fix: use docker-based TruffleHog scan for scheduled runs
1 parent a26b614 commit 2ccddea

1 file changed

Lines changed: 9 additions & 6 deletions

File tree

.github/workflows/security-audit.yml

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -32,12 +32,15 @@ jobs:
3232
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
3333
with:
3434
fetch-depth: 0
35-
- uses: trufflesecurity/trufflehog@47e7b7cd74f578e1e3145d48f669f22fd1330ca6 # v3.94.3
36-
with:
37-
path: ./
38-
base: ${{ github.event.repository.default_branch }}
39-
head: HEAD
40-
extra_args: --results=verified,unknown
35+
- name: TruffleHog scan
36+
run: |
37+
docker run --rm -v "$GITHUB_WORKSPACE:/tmp" -w /tmp \
38+
ghcr.io/trufflesecurity/trufflehog:latest \
39+
git file:///tmp/ \
40+
--only-verified \
41+
--fail \
42+
--no-update \
43+
--github-actions
4144
4245
semgrep:
4346
name: Semgrep (SAST)

0 commit comments

Comments
 (0)