124906d084
- Introduced multiple guides for workflows including Evidence Pack Validation, Incident Response, Model Validation, Performance & HIL, Release Signing, SBOM Validation, Secret Scanning, and Supply Chain Attestation. - Created dynamic badges for each workflow to reflect their status and compliance. - Implemented a checklist for validating CI/CD workflows and evidence packs. - Developed scripts for building firmware, testing, collecting evidence, and generating audit reports. - Added tools for generating community, documentation, quality, and security badges based on various reports. - Established endpoints for dynamic badges to be integrated into documentation and README files. - Enhanced the overall structure and traceability of CI/CD processes with evidence packs and automated checks.
25 lines
620 B
YAML
25 lines
620 B
YAML
name: Secret Scanning
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
secret_scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Scan secrets (Gitleaks)
|
|
run: |
|
|
gitleaks detect --source . --report docs/secret-scan-report.json --exit-code 0
|
|
- name: Scan secrets (TruffleHog)
|
|
run: |
|
|
trufflehog filesystem . --json > docs/trufflehog-report.json || true
|
|
- name: Upload reports
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: secret-scan
|
|
path: docs/secret-scan-report.json
|