-
Notifications
You must be signed in to change notification settings - Fork 1
52 lines (44 loc) · 1.62 KB
/
gitguardian.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: GitGuardian scan
on: [push, pull_request]
jobs:
scanning:
name: GitGuardian scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # fetch all history so multiple commits can be scanned
- name: GitGuardian scan
uses: GitGuardian/ggshield-action@master
env:
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
name: "GitGuardian Shield Action"
description: "Scan commits for secrets and other issues."
author: GitGuardian <support@gitguardian.com>
inputs:
args:
description: |
Arguments to be passed to ggshield secret scan
Options:
--show-secrets Show secrets in plaintext instead of hiding them.
--exit-zero Always return a 0 (non-error) status code, even if issues
are found. The env var GITGUARDIAN_EXIT_ZERO can also be used
to set this option.
--all-policies Present fails of all policies (Filenames, FileExtensions,
Secret Detection). By default, only Secret Detection is
shown.
-v, --verbose Verbose display mode.
required: false
branding:
icon: "shield"
color: "blue"
runs:
using: "docker"
image: "Dockerfile"
args:
- ${{ inputs.args }}