actions/talisman-secrets-scan-action
1
0
Fork 0
mirror of https://github.com/carhartl/talisman-secrets-scan-action.git synced 2024-12-04 21:30:23 +00:00
Code Issues Releases Wiki Activity
talisman-secrets-scan-action/README.md

26 lines
1.1 KiB
Markdown
Raw Normal View History

Add readme
2021-09-19 06:25:13 +00:00
# Detect secrets with Talisman action
This action uses [Talisman](https://thoughtworks.github.io/talisman/) to scan the incoming (pushed) range of commits for accidentally added secrets and sensitive information. It mimics a pre-push hook for this, thus it works nicely with a local git hook in tandem, that is as a fallback, last line of defense.
## Example usage
```yml
Make example work with proper version As released..
2021-09-20 07:27:30 +00:00
uses: carhartl/talisman-secrets-scan-action@v1.0
Add readme
2021-09-19 06:25:13 +00:00
```
Add caveat to readme
2021-09-19 07:15:03 +00:00
## Caveat
When using this along with the `actions/checkout@v2` step, you'll need to configure it to fetch the entire history:
```yml
- uses: actions/checkout@v2
with:
fetch-depth: 0
```
Otherwise you'll run into talisman erroring out while it's trying to execute git with an invalid revision range:
```
time="2021-09-19T07:07:32Z" level=fatal msg="Git command execution failed" command="git diff 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690 --name-only --diff-filter=ACM" dir=/github/workspace error="exit status 128" output="fatal: Invalid revision range 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690\n"
```
Reference in a new issue Copy permalink