Update secret-scanning.yml

Updated to match secret-scanning.yml

Author: theangrytech-git

secret-scanning.yml

@@ -1,4 +1,5 @@
-name: msdo-secret-scanning
+# Added seperately in case there is a need to run it seperately
+name: msdo-secret-scanning 
 
 on:
   workflow_call:
@@ -24,6 +25,47 @@ jobs:
           git clone https://github.com/${{ github.repository }} .
           git checkout ${{ github.ref_name }}
 
+      - name: Inject .gdnsettings to support secrets detection in Terraform, Bicep, ARM, Python, and YAML
+        run: |
+          mkdir -p .gdn
+          cat <<EOF > .gdn/.gdnsettings
+          {
+            "version": "1.0",
+            "fileFiltering": {
+              "filePathIncludes": [
+                "**/*.tf",
+                "**/*.tfvars",
+                "**/*.bicep",
+                "**/*.json",
+                "**/*template*.json",
+                "**/*.py",
+                "**/*.yml",
+                "**/*.yaml"
+              ],
+              "fileNameExcludes": [],
+              "filePathExcludes": []
+            },
+            "toolConfigurations": {
+              "credscan": {
+                "enabled": true,
+                "parameters": {
+                  "scanUnknownExtensions": true,
+                  "scanAllFiles": true,
+                  "severity": "low"
+                }
+              }
+            },
+            "break": {
+              "policies": [
+                {
+                  "tool": "credscan",
+                  "minimumSeverity": "low"
+                }
+              ]
+            }
+          }
+          EOF
+
       - name: Set tool to only run secret scan
         run: echo "TOOLS=credscan" >> $GITHUB_ENV
 
@@ -69,7 +111,7 @@ jobs:
           "tool_name": "MSDO-CredScan"
           }
           EOF
-          
+
       # - name: Alert to Microsoft Teams on secret detection
       #   if: github.repository_visibility == 'public'
       #   run: |