Update secret-scanning.yml

Updated .gdn settings to specifically search specific extensions

Author: theangrytech-git

.github/workflows/secret-scanning.yml

@@ -24,35 +24,45 @@ jobs:
           git clone https://github.com/${{ github.repository }} .
           git checkout ${{ github.ref_name }}
 
-      - name: Inject .gdnsettings to force .tf secret scanning
+      - name: Inject .gdnsettings to support secrets detection in Terraform, Bicep, ARM, Python, and YAML
         run: |
           mkdir -p .gdn
-          echo '{
+          cat <<EOF > .gdn/.gdnsettings
+          {
             "version": "1.0",
             "fileFiltering": {
-              "filePathIncludes": ["**/*.tf"],
+              "filePathIncludes": [
+                "**/*.tf",
+                "**/*.tfvars",
+                "**/*.bicep",
+                "**/*.json",
+                "**/*template*.json",
+                "**/*.py",
+                "**/*.yml",
+                "**/*.yaml"
+              ],
               "fileNameExcludes": [],
               "filePathExcludes": []
             },
             "toolConfigurations": {
               "credscan": {
                 "enabled": true,
                 "parameters": {
-                  "extension": ".tf",
                   "scanUnknownExtensions": true,
-                  "severity": "high"
+                  "severity": "low"
                 }
               }
             },
             "break": {
               "policies": [
                 {
                   "tool": "credscan",
-                  "minimumSeverity": "medium"
+                  "minimumSeverity": "low"
                 }
               ]
             }
-          }' > .gdn/.gdnsettings
+          }
+          EOF
 
       - name: Set tool to only run secret scan
         run: echo "TOOLS=credscan" >> $GITHUB_ENV