update gitleaks

scania · Jul 15, 2024 · 1dad9e5 · 1dad9e5
1 parent eedd113
commit 1dad9e5
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 48 deletions.
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -1,32 +1,32 @@
-name: "Find Secrets"
-on:
-  pull_request:
-  push:
-  workflow_dispatch:
-  # schedule:
-  #   - cron: "0 6 * * *" 
+# name: "Find Secrets"
+# on:
+#   pull_request:
+#   push:
+#   workflow_dispatch:
+#   # schedule:
+#   #   - cron: "0 6 * * *" 
 
-permissions:
- id-token: write
- contents: read
- actions: read
- security-events: write
+# permissions:
+#  id-token: write
+#  contents: read
+#  actions: read
+#  security-events: write
 
-jobs:
-  scan:
-    name: gitleaks
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - uses: gitleaks/[email protected]
-        name: Check any Leaked Secrets
-        with:
-         args: detect --redact -v -f sarif -r ./gitleaks_scan.sarif
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITLEAKS_ENABLE_COMMENTS: 'true'
-          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+# jobs:
+#   scan:
+#     name: gitleaks
+#     runs-on: ubuntu-latest
+#     steps:
+#       - uses: actions/checkout@v4
+#         with:
+#           fetch-depth: 0
+#       - uses: gitleaks/[email protected]
+#         name: Check any Leaked Secrets
+#         with:
+#          args: detect --redact -v -f sarif -r ./gitleaks_scan.sarif
+#         env:
+#           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#           GITLEAKS_ENABLE_COMMENTS: 'true'
+#           GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
 
 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -242,25 +242,26 @@ jobs:
           vuln-type: 'os,library'
         continue-on-error: true
 
-      # # Gitleaks
-      # - name: Checkout repository
-      #   uses: actions/checkout@v4
-      #   with:
-      #     fetch-depth: 0
-      #     clean: false
+      # Gitleaks
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          clean: false
 
-      # - name: Run Gitleaks manually
-      #   env:
-      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #     GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} # Required for Organizations, not personal accounts.
-      #   run: |
-      #     git clone https://github.com/gitleaks/gitleaks.git
-      #     cd gitleaks
-      #     make build
-      #     ./gitleaks detect -v -f sarif -r ../gitleaks_scan.sarif -s ../        
+      - name: Run Gitleaks manually
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} # Required for Organizations, not personal accounts.
+        run: |
+          git clone https://github.com/gitleaks/gitleaks.git
+          cd gitleaks
+          make build
+          ./gitleaks detect -v -f sarif -r ../gitleaks_scan.sarif -s ../        
         
-      # - name: Upload Gitleaks scan results to GitHub Security tab
-      #   if: always()
-      #   uses: github/codeql-action/upload-sarif@v3
-      #   with:
-      #     sarif_file: 'gitleaks_scan.sarif'
+      - name: Upload Gitleaks scan results to GitHub Security tab
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: my-artifact
+          path: ../gitleaks_scan.sarif