33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
name: GitGuardian scan
|
|
|
|
on: [push]
|
|
|
|
permissions:
|
|
contents: read # GitGuardian only needs to read.
|
|
|
|
jobs:
|
|
scanning:
|
|
name: GitGuardian scan
|
|
runs-on: ubuntu-latest
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 0 # fetch all history so multiple commits can be scanned
|
|
- name: GitGuardian scan
|
|
uses: GitGuardian/ggshield-action@0ebefb9aad794cfe4ea98897204db50e20ad5a00 # master
|
|
env:
|
|
GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
|
|
GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
|
|
GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
|
|
GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
|
|
GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
|