Why This Is Important
Security: Detects secrets, credentials, and sensitive information accidentally committed to the repository.
Automation: Ensures every push, pull request, or scheduled run automatically scans for leaks.
Tasks
- Configure a new GitHub Actions workflow (`.github/workflows/trufflehog.yml`).
- Install and run `trufflehog` against the repository codebase.
- Set triggers for `push` and `pull_request` events.
- Define exclusions (e.g., test data, mock files) if necessary.
- Ensure scan results are surfaced in the Actions logs.
- Optionally, configure alerts or fail builds when high-severity findings are detected.
Acceptance Criteria
- A GitHub Actions workflow file exists with `trufflehog` integrated.
- Workflow runs automatically on `push` and `pull_request`.
- Sensitive data leaks (if any) are detected and reported in the logs.
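A workflow that covers the tasks above, added here as an illustration rather than a file taken from this repository. It uses the public `trufflesecurity/trufflehog` action; the weekly cron schedule, the `main` branch filter and the `.trufflehog-exclude.txt` file name are assumptions, and the CLI flags in `extra_args` are TruffleHog v3 options.

```yaml
# .github/workflows/trufflehog.yml (example, not the project's own file)
name: TruffleHog secret scan

on:
  push:
    branches: [main]        # assumed default branch
  pull_request:
  schedule:
    - cron: "0 3 * * 1"     # assumed weekly full-history scan, Mondays 03:00 UTC

# The scanner only needs to read the repository.
permissions:
  contents: read

jobs:
  trufflehog:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0    # full history, so earlier commits are scanned too

      - name: Scan for secrets with TruffleHog
        uses: trufflesecurity/trufflehog@main
        with:
          # --results=verified  : report only findings whose credentials were
          #                       confirmed live against their provider
          # --fail              : exit non-zero when findings exist, failing the job
          # --exclude-paths     : file of path regexes to skip (test data, mocks)
          extra_args: --results=verified --fail --exclude-paths=.trufflehog-exclude.txt
```

`.trufflehog-exclude.txt` holds one regular expression per line, for example `^tests/fixtures/` and `^mocks/`, so fixture and mock files are skipped while findings everywhere else appear in the Actions log and fail the run.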