feat(secret-scanning): Forward alerts to Panther (#142)

* send failed result to panther

* rename variables

* remove unnecessary `<`

Author: Jeffreyhung

.github/workflows/secret-scan.yml

@@ -54,9 +54,20 @@ jobs:
           chmod +x /usr/local/bin/trufflehog
 
       - name: Run TruffleHog scan
+        id: scan
         run: |
           if [ -e .secret_scan_ignore ]; then
             trufflehog git file://. --only-verified --github-actions --fail --exclude-paths=.secret_scan_ignore --exclude-detectors="datadogtoken"
           else
             trufflehog git file://. --only-verified --github-actions --fail --exclude-detectors="datadogtoken"
           fi
+      - name: Send Alert to Panther
+        id: alert
+        if: steps.scan.outcome != 'success'
+        run: |
+          curl "${{vars.SECRET_SCAN_PANTHER_WEBHOOK_URL}}" \
+            --header "Authorization: Bearer ${{ secrets.SECRET_SCAN_PANTHER_WEBHOOK_HEADER }}" \
+            --data '{"event":"github_secret_scanning_failed", createdAt:"${{ github.event.pull_request.created_at }}", "repo":"${{ github.repository }}","pull_request":"https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}"","actor":"${{ github.event.pull_request.user.login }}"}'
+      - name: Fail workflow if secret detected
+        if: steps.scan.outcome != 'success'
+        run: exit 1