Execution completes without identifying secrets #1152

Open
ralphotowo opened this issue Mar 3, 2023 · 0 comments

Hi There,

I have the trufflehog binary installed, and executing the binary with the following flags returns several identified secrets within the directory. This was run in a directory that has our app code.
trufflehog --no-verification --no-update --fail filesystem .

I tried to implement the trufflehog action to perform the same scan and return the same results using the following workflow:

name: "TruffleHog OSS"
on:
  push:
    branches:
    - main
  workflow_dispatch:

jobs:
  TruffleHog:
    runs-on: self-hosted
    steps:

    - name: Checkout code
      uses: actions/checkout@v3
      with:
        repository: 'company/app'
        ref: 'master'
        token: '${{ secrets.GH_TOKEN }}'
        fetch-depth: 0

    - run: ls -la

    - name: TruffleHog OSS
      uses: trufflesecurity/trufflehog@main
      with:
        path: ./
        base: master
        head: HEAD
        extra_args: --debug --no-verification

The ls step was included to confirm that the checkout action correctly clones our application code from the configured repository; however, the trufflehog step returns the following:

🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷
2023-03-02T18:23:41Z	info-1	trufflehog	scanning repo	{"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "repo": "https://github.com/company_name/app", "base": "87cd88cd803464a0b39fd431ee02287f06ae9572", "head": "87cd88cd803464a0b39fd431ee02287f06ae9572"}
2023-03-02T18:23:41Z	info-1	trufflehog	reached base commit	{"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "repo": "https://github.com/company_name/webapp", "commit": "87cd88cd803464a0b39fd431ee02287f06ae9572"}
2023-03-02T18:23:41Z	info-1	trufflehog	scanning staged changes	{"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "path": "./"}
2023-03-02T18:23:41Z	info-1	trufflehog	scanning git repo complete	{"source_type": "SOURCE_TYPE_GIT", "source_name": "git", "Repo": "https://github.com/company_name/webapp", "path": "./", "time": 14662608}
2023-03-02T18:23:42Z	info-2	trufflehog	finished scanning	{"chunks": 0, "bytes": 0}
2023/03/02 18:23:42 [updater parent] prog exited with 0

No secrets are found whereas executing the binary locally identifies several secrets and presents them in the following format:

Found unverified result 🐷🔑❓
Detector Type: Postmark
Decoder Type: PLAIN
Raw result: d2589a75-83e8-4a5f-sjf9-37cc21a3449a
File: file/Controller/Company_Controller.php

Do you see any problem with the action implementation? Can anyone share examples that work?
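
The debug log in the issue shows `base` and `head` resolving to the same commit and the run finishing with `"chunks": 0, "bytes": 0`, so the job exits 0 without having inspected any content. The following is an added example, not part of the original issue or the TruffleHog project: a Python check that a CI step could run over the captured debug output to flag such a run instead of treating it as clean. The function names and the tab-separated parsing are assumptions based on the log lines shown above.

```python
import json

# Log lines from the issue above (link residue removed); fields are tab-separated.
SAMPLE_LOG = "\n".join([
    '2023-03-02T18:23:41Z\tinfo-1\ttrufflehog\tscanning repo\t'
    '{"source_type": "SOURCE_TYPE_GIT", "source_name": "git", '
    '"repo": "https://github.com/company_name/app", '
    '"base": "87cd88cd803464a0b39fd431ee02287f06ae9572", '
    '"head": "87cd88cd803464a0b39fd431ee02287f06ae9572"}',
    '2023-03-02T18:23:42Z\tinfo-2\ttrufflehog\tfinished scanning\t'
    '{"chunks": 0, "bytes": 0}',
    '2023/03/02 18:23:42 [updater parent] prog exited with 0',
])


def parse_line(line):
    """Return (message, fields) for a structured line, or None for anything else."""
    parts = line.rstrip("\n").split("\t", 4)
    if len(parts) != 5:
        return None
    try:
        fields = json.loads(parts[4])
    except json.JSONDecodeError:
        return None
    return (parts[3], fields) if isinstance(fields, dict) else None


def audit_scan_log(text):
    """List reasons why this run cannot be treated as a clean scan result."""
    problems = []
    finished = False
    for parsed in filter(None, map(parse_line, text.splitlines())):
        msg, f = parsed
        if msg == "scanning repo" and f.get("base") and f.get("base") == f.get("head"):
            problems.append(f"base and head both resolve to {f['base']}: empty commit range")
        elif msg == "finished scanning":
            finished = True
            if f.get("chunks", 0) == 0 or f.get("bytes", 0) == 0:
                problems.append("scanner read 0 chunks / 0 bytes: nothing was inspected")
    if not finished:
        problems.append("no 'finished scanning' line: scan did not complete")
    return problems


if __name__ == "__main__":
    for p in audit_scan_log(SAMPLE_LOG):
        print("WARN:", p)
```

A CI wrapper can fail the job when `audit_scan_log` returns a non-empty list, so a scan that covered nothing is not reported as passing.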
