
Commit af85507

committed
fix
1 parent 47779c2 commit af85507


3 files changed

+25
-15
lines changed


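--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -47,7 +47,7 @@ jobs:
 manage-llm-server: 'true'
 
 - name: Upload SARIF to GitHub Security
-uses: github/codeql-action/upload-sarif@v3
+uses: github/codeql-action/upload-sarif@v4
 if: always()
 with:
 sarif_file: gosecretscanner-results.sarif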

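--- a/action.yml
+++ b/action.yml
@@ -277,7 +277,7 @@ runs:
 
 - name: Upload SARIF to GitHub Security
 if: inputs.sarif-file != '' && always()
-uses: github/codeql-action/upload-sarif@v3
+uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: ${{ inputs.sarif-file }}
 continue-on-error: true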

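--- a/main.go
+++ b/main.go
@@ -410,17 +410,27 @@ func main() {
 excludeGlobList = append(excludeGlobList, filepath.ToSlash(p))
 }
 
+// Helper to print status messages (stderr for JSON/SARIF, stdout for text)
+outputFormat := *output
+statusPrint := func(format string, args ...interface{}) {
+if outputFormat == "json" || outputFormat == "sarif" {
+fmt.Fprintf(os.Stderr, format, args...)
+} else {
+fmt.Printf(format, args...)
+}
+}
+
 // Load baseline ONLY if explicitly specified via --baseline flag
 // Baseline is opt-in - by default we report ALL findings
 loadedBaseline = baseline.New()
 if *baselinePath != "" {
 loadedBaseline, err = baseline.Load(*baselinePath)
 if err != nil {
-fmt.Printf("%sError loading baseline: %v%s\n", RedColor, err, ResetColor)
+fmt.Fprintf(os.Stderr, "%sError loading baseline: %v%s\n", RedColor, err, ResetColor)
 os.Exit(1)
 }
 if loadedBaseline.Count() > 0 {
-fmt.Printf("%sLoaded baseline with %d known findings (will be suppressed)%s\n", YellowColor, loadedBaseline.Count(), ResetColor)
+statusPrint("%sLoaded baseline with %d known findings (will be suppressed)%s\n", YellowColor, loadedBaseline.Count(), ResetColor)
 }
 }
 
@@ -439,11 +449,11 @@ func main() {
 
 pipeline, err = verification.NewPipeline(pipelineConfig)
 if err != nil {
-fmt.Printf("%sWarning: Failed to initialize LLM pipeline: %v%s\n", YellowColor, err, ResetColor)
-fmt.Printf("%sContinuing with standard detection only...%s\n\n", YellowColor, ResetColor)
+statusPrint("%sWarning: Failed to initialize LLM pipeline: %v%s\n", YellowColor, err, ResetColor)
+statusPrint("%sContinuing with standard detection only...%s\n\n", YellowColor, ResetColor)
 pipeline = nil
 } else {
-fmt.Printf("%sLLM verification enabled%s\n\n", GreenColor, ResetColor)
+statusPrint("%sLLM verification enabled%s\n\n", GreenColor, ResetColor)
 defer pipeline.Close()
 }
 }
@@ -458,7 +468,7 @@ func main() {
 }
 
 // PHASE 1: Scan current working directory files (with LLM verification if enabled)
-fmt.Printf("Phase 1: Scanning current files...\n")
+statusPrint("Phase 1: Scanning current files...\n")
 {
 // Normal file system scanning
 var wg sync.WaitGroup
@@ -522,27 +532,27 @@ func main() {
 
 wg.Wait()
 }
-fmt.Printf("Found %d potential secrets in current files\n", len(secretsFound))
+statusPrint("Found %d potential secrets in current files\n", len(secretsFound))
 
 // PHASE 2: Scan git history (no LLM - can't access file content at old commits)
 // Git history scanning is ON by default. Use --no-git-history to skip.
 if isGitRepo && !*noGitHistory {
-fmt.Printf("\nPhase 2: Scanning git history...\n")
+statusPrint("\nPhase 2: Scanning git history...\n")
 var err error
 historySecrets, err = scanGitHistory(dir, *gitMaxCommits, *gitRef, *gitSinceDate, nil) // nil pipeline = no LLM
 if err != nil {
-fmt.Printf("%sWarning: Git history scan failed: %v%s\n", YellowColor, err, ResetColor)
+statusPrint("%sWarning: Git history scan failed: %v%s\n", YellowColor, err, ResetColor)
 } else {
-fmt.Printf("Found %d potential secrets in git history\n", len(historySecrets))
+statusPrint("Found %d potential secrets in git history\n", len(historySecrets))
 secretsFound = append(secretsFound, historySecrets...)
 }
 } else if !isGitRepo {
-fmt.Printf("\nSkipping git history scan (not a git repository)\n")
+statusPrint("\nSkipping git history scan (not a git repository)\n")
 } else if *noGitHistory {
-fmt.Printf("\nSkipping git history scan (--no-git-history)\n")
+statusPrint("\nSkipping git history scan (--no-git-history)\n")
 }
 
-fmt.Printf("\nTotal: %d potential secrets found\n\n", len(secretsFound))
+statusPrint("\nTotal: %d potential secrets found\n\n", len(secretsFound))
 
 // Apply config-based filtering (allowlists, disabled rules, entropy threshold)
 secretsFound = filterSecretsByConfig(secretsFound, compiledConfig)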
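Review bot: The `statusPrint` closure added in the first hunk chooses stderr only when `*output` is exactly `"json"` or `"sarif"`, so any other spelling, or a machine-readable format added later, would put status text back on stdout and corrupt the report the workflow uploads to code scanning. Defaulting to stderr and naming only the human-readable format is safer, e.g. `if outputFormat == "text" { fmt.Printf(format, args...); return }` followed by `fmt.Fprintf(os.Stderr, format, args...)`, assuming `text` is the flag value (the flag definition is outside the hunks). The warnings routed through it (LLM pipeline init failure in the second hunk, git history scan failure in the fourth) would also read better on stderr in every mode, as the baseline error now is, so that a reduced-coverage run is not mistaken for a clean one when stdout is piped. `main` begins and ends outside these hunks.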
