Skip to content

security

security #144

Workflow file for this run

name: security
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
# Weekly scan to catch any drift in dependencies / accidental commits
# that slipped past pre-commit.
- cron: "0 9 * * 1"
permissions:
contents: read
jobs:
gitleaks:
name: Secret scan
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Full history so we can scan the commit graph, not just HEAD.
fetch-depth: 0
- name: Run gitleaks
uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}