Replace deprecated GHA #5

Workflow file for this run

.github/workflows/trufflehog.yml at 3b5fc82

	name: Trufflehog security scan

	on:
	schedule:
	- cron: '0 10 * * *'
	push:
	branches-ignore:
	- master

	jobs:
	trufflehog-vulnerability-detection:
	runs-on: ubuntu-latest

	steps:
	- name: Check out repository
	uses: actions/checkout@v3

	- name: Set up TruffleHog
	run: \|
	sudo apt-get update && sudo apt-get install -y git curl jq
	curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \| sh -s -- -b /usr/local/bin

	- name: Display File Structure
	run: \|
	echo "Displaying file structure..."
	find . -type f

	- name: Run TruffleHog Scan
	id: truffle_hog-scan
	env:
	SCAN_PATH: "."
	run: \|
	trufflehog filesystem "$SCAN_PATH" --only-verified --fail --json \| tee trufflehog_output.json

	- name: Extract Trufflehog Scan Data for Slack
	id: extract_trufflehog_data
	run: \|
	# Extract fields from JSON
	SCAN_DURATION=$(jq -r '.scan_duration' trufflehog_output.json)
	CHUNKS=$(jq -r '.chunks' trufflehog_output.json)
	BYTES=$(jq -r '.bytes' trufflehog_output.json)
	VERIFIED_SECRETS=$(jq -r '.verified_secrets' trufflehog_output.json)
	UNVERIFIED_SECRETS=$(jq -r '.unverified_secrets' trufflehog_output.json)
	VERSION=$(jq -r '.trufflehog_version' trufflehog_output.json)

	# Save variables to environment file for future steps
	echo "SCAN_DURATION=$SCAN_DURATION" >> $GITHUB_ENV
	echo "CHUNKS=$CHUNKS" >> $GITHUB_ENV
	echo "BYTES=$BYTES" >> $GITHUB_ENV
	echo "VERIFIED_SECRETS=$VERIFIED_SECRETS" >> $GITHUB_ENV
	echo "UNVERIFIED_SECRETS=$UNVERIFIED_SECRETS" >> $GITHUB_ENV
	echo "VERSION=$VERSION" >> $GITHUB_ENV

	- name: Send Slack Notification
	id: slack
	uses: slackapi/[email protected]
	with:
	payload: \|
	{
	"text": "Trufflehog scan completed for ${{ github.repository }}",
	"attachments": [
	{
	"pretext": "Trufflehog scan details:",
	"color": "#36a64f",
	"fields": [
	{
	"title": "Chunks Scanned",
	"value": "${{ steps.extract_trufflehog_data.outputs.chunks }}",
	"short": true
	},
	{
	"title": "Bytes Scanned",
	"value": "${{ steps.extract_trufflehog_data.outputs.bytes }}",
	"short": true
	},
	{
	"title": "Verified Secrets",
	"value": "${{ steps.extract_trufflehog_data.outputs.verified_secrets }}",
	"short": true
	},
	{
	"title": "Unverified Secrets",
	"value": "${{ steps.extract_trufflehog_data.outputs.unverified_secrets }}",
	"short": true
	},
	{
	"title": "Scan Duration",
	"value": "${{ steps.extract_trufflehog_data.outputs.scan_duration }}",
	"short": true
	},
	{
	"title": "Trufflehog Version",
	"value": "${{ steps.extract_trufflehog_data.outputs.version }}",
	"short": true
	}
	]
	}
	]
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
	SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Replace deprecated GHA #5

Workflow file

Replace deprecated GHA #5

Jobs

Run details

Workflow file for this run