Setup Slack notification
alexanderM91 committed Oct 15, 2024
1 parent 266cc55 commit c615675
Showing 1 changed file with 92 additions and 97 deletions.
189 changes: 92 additions & 97 deletions .github/workflows/trufflehog.yml
Expand Up @@ -12,107 +12,102 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Check out repository
uses: actions/checkout@v3

- name: Set up TruffleHog
run: |
sudo apt-get update && sudo apt-get install -y git curl jq
curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Display File Structure
run: |
echo "Displaying file structure..."
find . -type f
- name: Run TruffleHog Scan
id: truffle_hog-scan
env:
SCAN_PATH: "."
run: |
trufflehog filesystem "$SCAN_PATH" --only-verified --fail --json | tee trufflehog_output.json
- name: Print TruffleHog Output (Debugging Step)
run: |
echo "Contents of trufflehog_output.json:"
cat trufflehog_output.json
- name: Extract Trufflehog Scan Data for Slack
id: extract_trufflehog_data
run: |
RESULT=$(tail -n 1 trufflehog_output.json)
SCAN_DURATION=$(echo $RESULT | jq -r '.scan_duration')
CHUNKS=$(echo $RESULT | jq -r '.chunks')
BYTES=$(echo $RESULT | jq -r '.bytes')
VERIFIED_SECRETS=$(echo $RESULT | jq -r '.verified_secrets')
UNVERIFIED_SECRETS=$(echo $RESULT | jq -r '.unverified_secrets')
VERSION=$(echo $RESULT | jq -r '.trufflehog_version')
echo "SCAN_DURATION=$SCAN_DURATION" >> $GITHUB_ENV
echo "CHUNKS=$CHUNKS" >> $GITHUB_ENV
echo "BYTES=$BYTES" >> $GITHUB_ENV
echo "VERIFIED_SECRETS=$VERIFIED_SECRETS" >> $GITHUB_ENV
echo "UNVERIFIED_SECRETS=$UNVERIFIED_SECRETS" >> $GITHUB_ENV
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Debugging - Print Environment Variables
run: |
echo "Chunks: $CHUNKS"
echo "Bytes: $BYTES"
echo "Verified Secrets: $VERIFIED_SECRETS"
echo "Unverified Secrets: $UNVERIFIED_SECRETS"
echo "Scan Duration: $SCAN_DURATION"
echo "Trufflehog Version: $VERSION"
# Check if variables are set in $GITHUB_ENV
cat $GITHUB_ENV
- name: Send Slack Notification
id: slack
uses: slackapi/[email protected]
- name: Secret Scanning
uses: trufflesecurity/trufflehog@main
with:
payload: |
{
"text": "Trufflehog scan completed for ${{ github.repository }}",
"attachments": [
{
"pretext": "Trufflehog scan details:",
"color": "#36a64f",
"fields": [
{
"title": "Chunks Scanned",
"value": "${{ env.CHUNKS }}",
"short": true
},
{
"title": "Bytes Scanned",
"value": "${{ env.BYTES }}",
"short": true
},
{
"title": "Verified Secrets",
"value": "${{ env.VERIFIED_SECRETS }}",
"short": true
},
{
"title": "Unverified Secrets",
"value": "${{ env.UNVERIFIED_SECRETS }}",
"short": true
},
{
"title": "Scan Duration",
"value": "${{ env.SCAN_DURATION }}",
"short": true
},
{
"title": "Trufflehog Version",
"value": "${{ env.VERSION }}",
"short": true
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
extra_args: --only-verified

# - name: Print TruffleHog Output (Debugging Step)
# run: |
# echo "Contents of trufflehog_output.json:"
# cat trufflehog_output.json
#
# - name: Extract Trufflehog Scan Data for Slack
# id: extract_trufflehog_data
# run: |
# RESULT=$(tail -n 1 trufflehog_output.json)
#
# SCAN_DURATION=$(echo $RESULT | jq -r '.scan_duration')
# CHUNKS=$(echo $RESULT | jq -r '.chunks')
# BYTES=$(echo $RESULT | jq -r '.bytes')
# VERIFIED_SECRETS=$(echo $RESULT | jq -r '.verified_secrets')
# UNVERIFIED_SECRETS=$(echo $RESULT | jq -r '.unverified_secrets')
# VERSION=$(echo $RESULT | jq -r '.trufflehog_version')
#
# echo "SCAN_DURATION=$SCAN_DURATION" >> $GITHUB_ENV
# echo "CHUNKS=$CHUNKS" >> $GITHUB_ENV
# echo "BYTES=$BYTES" >> $GITHUB_ENV
# echo "VERIFIED_SECRETS=$VERIFIED_SECRETS" >> $GITHUB_ENV
# echo "UNVERIFIED_SECRETS=$UNVERIFIED_SECRETS" >> $GITHUB_ENV
# echo "VERSION=$VERSION" >> $GITHUB_ENV
#
# - name: Debugging - Print Environment Variables
# run: |
# echo "Chunks: $CHUNKS"
# echo "Bytes: $BYTES"
# echo "Verified Secrets: $VERIFIED_SECRETS"
# echo "Unverified Secrets: $UNVERIFIED_SECRETS"
# echo "Scan Duration: $SCAN_DURATION"
# echo "Trufflehog Version: $VERSION"
# # Check if variables are set in $GITHUB_ENV
# cat $GITHUB_ENV
#
# - name: Send Slack Notification
# id: slack
# uses: slackapi/[email protected]
# with:
# payload: |
# {
# "text": "Trufflehog scan completed for ${{ github.repository }}",
# "attachments": [
# {
# "pretext": "Trufflehog scan details:",
# "color": "#36a64f",
# "fields": [
# {
# "title": "Chunks Scanned",
# "value": "${{ env.CHUNKS }}",
# "short": true
# },
# {
# "title": "Bytes Scanned",
# "value": "${{ env.BYTES }}",
# "short": true
# },
# {
# "title": "Verified Secrets",
# "value": "${{ env.VERIFIED_SECRETS }}",
# "short": true
# },
# {
# "title": "Unverified Secrets",
# "value": "${{ env.UNVERIFIED_SECRETS }}",
# "short": true
# },
# {
# "title": "Scan Duration",
# "value": "${{ env.SCAN_DURATION }}",
# "short": true
# },
# {
# "title": "Trufflehog Version",
# "value": "${{ env.VERSION }}",
# "short": true
# }
# ]
# }
# ]
# }
# env:
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
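Review bot: `uses: trufflesecurity/trufflehog@main` in the new "Secret Scanning" step pins the scanner to a mutable branch, so each run executes whatever `main` points to at that moment; pin it to a release tag or, preferably, a full commit SHA with the version noted alongside, e.g. `uses: trufflesecurity/trufflehog@<release-tag-or-commit-sha>  # vX.Y.Z (placeholder)`. The commented-out Slack steps that follow still read `trufflehog_output.json`, which no remaining step writes, so they cannot simply be uncommented later; either drop the dead block (git history keeps it) or replace it with a one-line `# TODO: Slack summary needs the scan to emit JSON again` so the intent survives without 80 stale lines. With `fetch-depth: 0` and no `base`/`head` inputs on the action, I believe the scan covers the whole history rather than the pushed diff — worth confirming that is the intended behaviour and documenting it on the step. The enclosing job definition begins above the hunk.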
