Merge pull request #331 from rashley-iqt/new-workflows

added secrets scanning to pre-commit
IQTLabs · Feb 1, 2024 · ffe637d · ffe637d
2 parents 20c8e21 + 3eecee8
commit ffe637d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 10 deletions.
diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
@@ -10,13 +10,4 @@ jobs:
       uses: actions/checkout@v4
     - name: Scan for secrets
       id: scan
-      uses: IQTLabs/workflows/secret-scan
-
-    - name: Fail if found
-      if: steps.scan.outputs.verified-secrets != 0
-      uses: actions/github-script@v6
-      with:
-        script: |
-            core.info(`Number of verified secrets: ${{steps.scan.outputs.verified-secrets}}`)
-            core.info(`Number of unverified secrets: ${{steps.scan.outputs.unverified-secrets}}`)
-            core.setFailed('Secrets found. Please check the uploaded report')
+      uses: IQTLabs/workflows/secret-scan@main
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -25,3 +25,10 @@ repos:
     rev: v1.1.327
     hooks:
     - id: pyright
+  - repo: local
+    hooks:
+    - id: trufflehog
+      name: trufflehog
+      entry: bash -c 'docker run --rm -v "$(pwd):/workdir" -i --rm trufflesecurity/trufflehog:latest git file:///workdir --since-commit HEAD --only-verified --fail'
+      language: system
+      stages: ["commit", "push"]