
Commit f4e15b5

PDP-684 : Update trufflehog-scan.yml
PDP-684 : Update trufflehog-scan.yml
1 parent a0015e2 commit f4e15b5

1 file changed

+3
-21
lines changed

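--- a/.github/workflows/trufflehog-scan.yml
+++ b/.github/workflows/trufflehog-scan.yml
@@ -75,9 +75,7 @@ jobs:
 id: parse
 if: github.event_name != 'workflow_dispatch'
 run: |
-echo "========================================"
-echo "SCANNING PR CHANGES"
-echo "========================================"
+echo "Parsing TruffleHog results..."
 
 VERIFIED_COUNT=0
 UNVERIFIED_COUNT=0
@@ -94,19 +92,7 @@ jobs:
 --branch ${{ github.event.pull_request.head.sha }} \
 --json \
 ${{ steps.config.outputs.exclude_args }} \
---no-update 2>&1 || true)
-
-echo "========================================"
-echo "FILES SCANNED BY TRUFFLEHOG"
-echo "========================================"
-SCANNED_FILES=$(echo "$SCAN_OUTPUT" | jq -r 'select(.SourceMetadata.Data.Git.file) | .SourceMetadata.Data.Git.file' | sort -u 2>/dev/null || echo "")
-if [ -n "$SCANNED_FILES" ]; then
-echo "$SCANNED_FILES"
-else
-echo "No secrets found. Files that were scanned:"
-git diff --name-only ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}
-fi
-echo "========================================"
+--no-update 2>/dev/null || true)
 
 if [ -n "$SCAN_OUTPUT" ]; then
 while IFS= read -r line; do
@@ -125,8 +111,6 @@ jobs:
 DETECTOR=$(echo "$line" | jq -r '.DetectorName // "Secret"')
 VERIFIED=$(echo "$line" | jq -r '.Verified // false')
 
-echo "Found: ${DETECTOR} in ${FILE}:${LINE_NUM} (Verified: ${VERIFIED})"
-
 if [ "$VERIFIED" == "true" ]; then
 VERIFIED_COUNT=$((VERIFIED_COUNT + 1))
 echo "::error file=${FILE},line=${LINE_NUM},title=${DETECTOR} [VERIFIED]::VERIFIED ACTIVE CREDENTIAL: ${DETECTOR} found in ${FILE} at line ${LINE_NUM}. This secret is confirmed active. Remove and rotate immediately!"
@@ -137,11 +121,9 @@ jobs:
 done <<< "$SCAN_OUTPUT"
 fi
 
-echo ""
-echo "Verified: ${VERIFIED_COUNT}, Unverified: ${UNVERIFIED_COUNT}"
-
 echo "verified_count=${VERIFIED_COUNT}" >> $GITHUB_OUTPUT
 echo "unverified_count=${UNVERIFIED_COUNT}" >> $GITHUB_OUTPUT
+echo "Scan complete: ${VERIFIED_COUNT} verified, ${UNVERIFIED_COUNT} unverified secrets found"
 
 - name: Process scan results
 id: process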
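Review bot: The new `--no-update 2>/dev/null || true)` at the end of the second hunk makes this gate fail open: if trufflehog cannot run at all (bad arguments, missing binary, git error, crash) its stderr is discarded, the non-zero exit is masked by `|| true`, `$SCAN_OUTPUT` is empty, and the step records `verified_count=0` / `unverified_count=0` exactly as it would for a clean scan, so a broken scanner is indistinguishable from a passing one. Sending stderr to a file and capturing the exit status lets a real scanner failure surface while the JSON parsing below still only sees stdout; the `SCAN_OUTPUT=$(trufflehog …` command begins before the hunk, so `SCAN_STATUS=0` has to be initialised on the line before it. If the invocation also passes `--fail` (not visible here), TruffleHog returns a distinct non-zero code when findings are present, and that code should be treated as a successful scan rather than a scanner error.
```yaml
          # … unchanged: SCAN_OUTPUT=$(trufflehog … begins before this hunk; add `SCAN_STATUS=0` on the line before it …
            ${{ steps.config.outputs.exclude_args }} \
            --no-update 2>"$RUNNER_TEMP/trufflehog.stderr") || SCAN_STATUS=$?
          if [ "$SCAN_STATUS" -ne 0 ]; then
            echo "::error title=TruffleHog scan failed::trufflehog exited ${SCAN_STATUS}; the PR was not scanned for secrets"
            cat "$RUNNER_TEMP/trufflehog.stderr"
            exit "$SCAN_STATUS"
          fi
          # … unchanged: if [ -n "$SCAN_OUTPUT" ] parsing loop …
```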
