actions/talisman-secrets-scan-action
1
0
Fork 0
mirror of https://github.com/carhartl/talisman-secrets-scan-action.git synced 2024-12-04 13:27:27 +00:00
Code Issues Releases Wiki Activity
Scan incoming commits for secrets with Talisman.
21 commits 2 branches 7 tags 95 KiB
Shell 76.3%
Dockerfile 23.7%
Find a file
Klaus Hartl b80ec236d9
Make example work with proper version 
As released..
2021-09-20 09:27:30 +02:00
.github/workflows Set start commit in range for testing 2021-09-19 09:06:34 +02:00
action.yml Add branding for releasing to marketplace 2021-09-19 09:20:19 +02:00
Dockerfile Try installing git as part of the image 2021-09-18 10:04:00 +02:00
entrypoint.sh Fix talisman invocation 2021-09-18 09:00:57 +02:00
password.txt Add secret for testing 2021-09-19 08:45:27 +02:00
README.md Make example work with proper version 2021-09-20 09:27:30 +02:00

README.md

Detect secrets with Talisman action

This action uses Talisman to scan the incoming (pushed) range of commits for accidentally added secrets and sensitive information. It mimics a pre-push hook for this, thus it works nicely with a local git hook in tandem, that is as a fallback, last line of defense.

Example usage

uses: carhartl/talisman-secrets-scan-action@v1.0

Caveat

When using this along with the actions/checkout@v2 step, you'll need to configure it to fetch the entire history:

- uses: actions/checkout@v2
  with:
    fetch-depth: 0

Otherwise you'll run into talisman erroring out while it's trying to execute git with an invalid revision range:

time="2021-09-19T07:07:32Z" level=fatal msg="Git command execution failed" command="git diff 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690 --name-only --diff-filter=ACM" dir=/github/workspace error="exit status 128" output="fatal: Invalid revision range 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690\n"