docs: PEM-6808: Adding AWS Secret Cloud documentation #12330
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is required on all repositories in the organization. It is used to scan the repository for secrets using GitLeaks. | |
| # In the event of an error, the workflow will fail and the secrets will be displayed in the logs. Review the logs to determine the source of the secrets and remove them from the repository. | |
| # If the secret finding is a false positive, add the secret to the .gitleaksignore file in the repository. | |
| name: GitLeaks | |
| on: [pull_request] | |
| concurrency: | |
| group: gitleaks-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| gitleaks-scan: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: gcr.io/spectro-dev-public/bulwark/gitleaks:latest | |
| env: | |
| REPO: ${{ github.event.repository.name }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITLEAKS_CONFIG: config.toml | |
| steps: | |
| - name: run-bulwark-gitleaks-scan | |
| shell: sh | |
| env: | |
| BRANCH: ${{ github.head_ref || github.ref_name }} | |
| run: /workspace/bulwark -name CodeSASTGitLeaks -target $REPO -tags "branch:$BRANCH,options:--log-opts origin..HEAD" | |
| - name: check-result | |
| shell: sh | |
| run: | | |
| resultPath=./$REPO/gitleaks.json | |
| cat $resultPath | grep -v \"Match\"\: | grep -v \"Secret\"\: | |
| total_failed_tests=`cat $resultPath | grep \"Fingerprint\"\: | wc -l` | |
| if [ "$total_failed_tests" -gt 0 ]; then | |
| echo "GitLeaks validation check failed with above findings..." | |
| exit 1 | |
| else | |
| echo "GitLeaks validation check passed" | |
| fi |