Scan incoming commits for secrets with Talisman.

Detect secrets with Talisman action

This action uses Talisman to scan the incoming (pushed) range of commits for accidentally added secrets and sensitive information. It mimics a pre-push hook, so it works well in tandem with a local git hook: the action serves as a fallback, the last line of defense.

Example usage

steps:
  - name: Detect secrets with Talisman in incoming commits
    uses: carhartl/talisman-secrets-scan-action@v1.4.0

Caveat

When using this action together with the actions/checkout@v2 step, you'll need to configure that step to avoid a clone that is too shallow:

- uses: actions/checkout@v2
  with:
    fetch-depth: 0

Otherwise Talisman may exit with an error when it tries to execute git with an invalid revision range:

time="2021-09-19T07:07:32Z" level=fatal msg="Git command execution failed" command="git diff 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690 --name-only --diff-filter=ACM" dir=/github/workspace error="exit status 128" output="fatal: Invalid revision range 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690\n"
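
A preflight check for the failure shown above, as an added example that is not part of this action's code: it confirms that both ends of a commit range exist in the local clone and says whether a shallow clone is the cause. The function names are hypothetical; only standard git plumbing commands are used.

```shell
# Added example: verify that a commit range can be resolved before scanning it.
# commit_present and check_scan_range are hypothetical helper names.

# Return 0 if the given object name resolves to a commit in the local clone.
commit_present() {
  git cat-file -e "$1^{commit}" 2>/dev/null
}

# check_scan_range BEFORE AFTER
# Return codes:
#   0  both commits are present, so "git diff BEFORE..AFTER" can run
#   1  a commit is missing and the clone is shallow (fetch more history)
#   2  a commit is missing although the clone is complete (wrong object name)
check_scan_range() {
  before=$1
  after=$2
  missing=""
  for sha in "$before" "$after"; do
    commit_present "$sha" || missing="$missing $sha"
  done
  if [ -z "$missing" ]; then
    echo "ok: $before..$after is resolvable"
    return 0
  fi
  # Available since git 2.15; prints "true" for a depth-limited clone.
  if [ "$(git rev-parse --is-shallow-repository 2>/dev/null)" = "true" ]; then
    echo "shallow clone, missing commits:$missing (set fetch-depth: 0)" >&2
    return 1
  fi
  echo "commits missing from a complete clone:$missing" >&2
  return 2
}
```

Run inside the checked-out workspace with the two commit ids of the pushed range; a return code of 1 corresponds to the "Invalid revision range" error in the log line above.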