Create secret-scanning.yml

Create secret-scanning workflow

Author: theangrytech-git

.github/workflows/secret-scanning.yml

@@ -0,0 +1,33 @@
+name: MSDO Secret Scan
+
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:      # Allow manual runs
+  workflow_call:          # Allow other workflows to call this one
+
+jobs:
+  secret-scan:
+    name: Run MSDO Secret Scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Setup .NET for MSDO
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: '7.0.x'   # Make sure this matches your environment
+
+      - name: Install MSDO CLI
+        run: dotnet tool install --global Microsoft.Security.DevOps.Cli
+
+      - name: Run Secret Scan with MSDO
+        run: |
+          msdo scan --src . --output results.sarif --policy minimal
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif