Update Secret Scan Log Forwarding (#146)

Jeffreyhung · web-flow · commit db5a9a838f09 · 2024-10-30T13:05:22.000-04:00
* send failed result to panther

* rename variables

* remove unnecessary `&lt;`

* add continue on error

* send logs to panther for all scans

* remove redundant "

* bump trufflehog to 3.82.13

* missing double quote
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
@@ -29,8 +29,8 @@ jobs:
         #   echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
         #   echo "latest_release=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
         run: |
-          echo "latest_tag_name=v3.80.3" >> "$GITHUB_OUTPUT"
-          echo "latest_release=3.80.3" >> "$GITHUB_OUTPUT"
+          echo "latest_tag_name=v3.82.13" >> "$GITHUB_OUTPUT"
+          echo "latest_release=3.82.13" >> "$GITHUB_OUTPUT"
 
       - name: Download and verify TruffleHog release
         run: |
@@ -64,11 +64,10 @@ jobs:
           fi
       - name: Send Alert to Panther
         id: alert
-        if: steps.scan.outcome != 'success'
         run: |
           curl "${{vars.SECRET_SCAN_PANTHER_WEBHOOK_URL}}" \
             --header "Authorization: Bearer ${{ secrets.SECRET_SCAN_PANTHER_WEBHOOK_HEADER }}" \
-            --data '{"event":"github_secret_scanning_failed", createdAt:"${{ github.event.pull_request.created_at }}", "repo":"${{ github.repository }}","pull_request":"https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}"","actor":"${{ github.event.pull_request.user.login }}"}'
+            --data '{"event":"github_secret_scanning", "status":${{steps.scan.outcome}}, "createdAt":"${{ github.event.pull_request.created_at }}", "repo":"${{ github.repository }}","pull_request":"https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}","actor":"${{ github.event.pull_request.user.login }}"}'
       - name: Fail workflow if secret detected
         if: steps.scan.outcome != 'success'
         run: exit 1
