Skip to content

Commit 18b83a3

Browse files
mdtromdtro
authored
chore: update trufflehog to 3.89.2 (#169)
1 parent f527440 commit 18b83a3

File tree

1 file changed

+2
-11
lines changed

1 file changed

+2
-11
lines changed

.github/workflows/secret-scan.yml

Lines changed: 2 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,19 @@
11
name: Secret Scan
2-
32
on: [pull_request, merge_group]
4-
53
jobs:
64
secret-scan:
75
name: Secret Scan
86
runs-on: ubuntu-latest
97
permissions:
108
contents: "read"
11-
129
outputs:
1310
latest_release: ${{ steps.trufflehog_release.outputs.latest_release }}
1411
latest_tag_name: ${{ steps.trufflehog_release.outputs.latest_tag_name }}
15-
1612
steps:
1713
- name: Checkout Code
1814
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
19-
2015
- name: Install Cosign
2116
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
22-
2317
- name: Pin Trufflehog to a know good release
2418
id: trufflehog_release
2519
shell: bash
@@ -29,9 +23,8 @@ jobs:
2923
# echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
3024
# echo "latest_release=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
3125
run: |
32-
echo "latest_tag_name=v3.88.25" >> "$GITHUB_OUTPUT"
33-
echo "latest_release=3.88.25" >> "$GITHUB_OUTPUT"
34-
26+
echo "latest_tag_name=v3.89.2" >> "$GITHUB_OUTPUT"
27+
echo "latest_release=3.89.2" >> "$GITHUB_OUTPUT"
3528
- name: Download and verify TruffleHog release
3629
run: |
3730
curl -sLO https://github.com/trufflesecurity/trufflehog/releases/download/${{ steps.trufflehog_release.outputs.latest_tag_name }}/trufflehog_${{ steps.trufflehog_release.outputs.latest_release }}_checksums.txt
@@ -46,12 +39,10 @@ jobs:
4639
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"
4740
4841
sha256sum --ignore-missing -c trufflehog_${{ steps.trufflehog_release.outputs.latest_release }}_checksums.txt
49-
5042
- name: Extract TruffleHog
5143
run: |
5244
tar xzf trufflehog_${{ steps.trufflehog_release.outputs.latest_release }}_linux_amd64.tar.gz -C /usr/local/bin
5345
chmod +x /usr/local/bin/trufflehog
54-
5546
- name: Run TruffleHog scan
5647
continue-on-error: true
5748
id: scan

0 commit comments

Comments
 (0)