{"id":24298253,"url":"https://github.com/accuknox/secret-scan-action","last_synced_at":"2026-03-06T22:33:01.546Z","repository":{"id":270791818,"uuid":"907239384","full_name":"accuknox/secret-scan-action","owner":"accuknox","description":"AccuKnox Secret Scan GitHub Action","archived":false,"fork":false,"pushed_at":"2025-12-17T08:24:30.000Z","size":54,"stargazers_count":6,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-20T21:45:23.751Z","etag":null,"topics":["secret","security","sensitive-data"],"latest_commit_sha":null,"homepage":"https://www.accuknox.com/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/accuknox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-12-23T06:27:41.000Z","updated_at":"2025-12-17T08:23:36.000Z","dependencies_parsed_at":"2025-10-15T18:05:13.240Z","dependency_job_id":"0e00ea56-cb1a-4734-837a-e016e8895a56","html_url":"https://github.com/accuknox/secret-scan-action","commit_stats":null,"previous_names":["accuknox/secret-scan-action"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/accuknox/secret-scan-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accuknox%2Fsecret-scan-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accuknox%2Fsecret-scan-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accuknox%2Fsecret-scan-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accuknox%2Fsecret-scan-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/accuknox","download_url":"https://codeload.github.com/accuknox/secret-scan-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accuknox%2Fsecret-scan-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30201014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T19:07:06.838Z","status":"ssl_error","status_checked_at":"2026-03-06T18:57:34.882Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["secret","security","sensitive-data"],"created_at":"2025-01-16T20:54:19.742Z","updated_at":"2026-03-06T22:33:01.517Z","avatar_url":"https://github.com/accuknox.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔑 Automate Secret Scanning with AccuKnox GitHub Action  \n\nThe **AccuKnox Secret Scan GitHub Action** detects **hardcoded secrets, credentials, API keys, and other sensitive information** within Git repositories.  \nIt integrates seamlessly with the **AccuKnox Console**, providing centralized visibility, risk tracking, and remediation across your development lifecycle.  \n\nCatch secrets before they leak — prevent breaches and protect your infrastructure with **shift-left security**.  \n\n---\n\n## 🎯 Key Features  \n✅ **Hardcoded Secret Detection** – Identify API keys, passwords, tokens, and other secrets in your code.  \n🔒 **Shift Left Security** – Integrate secret scanning directly into CI/CD pipelines.  \n📥 **Seamless Console Integration** – Upload findings to the AccuKnox dashboard for visibility and remediation tracking.  \n⚙️ **Flexible Configuration** – Supports branch selection, path exclusions, and custom scan arguments.  \n🚦 **Fail Builds on Violations** – Configure pipelines to fail on detected secrets or continue in soft-fail mode.  \n\n---\n\n## ⚠️ Prerequisites  \nBefore using this GitHub Action, ensure:  \n\n- 🔐 **AccuKnox Console Access** – Sign in to your AccuKnox tenant.  \n- 🗝️ **API Token** – Retrieve from AccuKnox Console (see Token Generation).  \n- 🏷️ **Label in Console** – Create a label to tag scan reports.  \n- 🔑 **GitHub Secrets Configured** – Store API token, endpoint, and label securely.  \n\n---\n\n## 📌 Installation \u0026 Usage  \n\n### Step 1: Retrieve AccuKnox Credentials  \n1. Log in to AccuKnox Console.  \n2. Navigate to **Settings → Tokens → Create Token**.  \n   - Save the token as `Accuknox_token`.  \n3. Create a **label** under **Dashboard → Labels** for scan results.  \n\n---\n\n### Step 2: Configure GitHub Secrets  \nIn your repository → **Settings → Secrets and variables → Actions → New repository secret**  \n\n| Secret Name        | Description |\n|---------------------|-------------|\n| `ACCUKNOX_TOKEN`   | AccuKnox API token |\n| `ACCUKNOX_ENDPOINT`| AccuKnox API endpoint (e.g., `cspm.demo.accuknox.com`) |\n| `ACCUKNOX_LABEL`   | Label for grouping results in AccuKnox Console |  \n\n---\n\n### Step 3: Define Your GitHub Workflow  \n\nCreate `.github/workflows/secret-scan.yml`:\n\n```yaml\nname: AccuKnox Secret Scan Workflow\n\non:\n  push:\n    branches:\n      - main\n  pull_request:\n    branches:\n      - main\n\njobs:\n  secret-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout code\n        uses: actions/checkout@v3\n\n      - name: Run Secret Scan\n        uses: accuknox/secret-scan-action@v0.0.1\n        with:\n          branch: \"main\"                              # Branch to scan\n          results: \"\"                                 # Types of results: verified, unknown, unverified, filtered_unverified\n          exclude_paths: \"tests/,docs/\"               # Paths to exclude\n          additional_arguments: \"\"                    # Extra arguments for the scanner\n          base_command: \"\"                            # Override default Docker command\n          output_format: json                         # Output format\n          output_file_path: \"./secret_results.json\"   # Output file path\n          accuknox_token: ${{ secrets.ACCUKNOX_TOKEN }}\n          accuknox_endpoint: ${{ secrets.ACCUKNOX_ENDPOINT }}\n          accuknox_label: ${{ secrets.ACCUKNOX_LABEL }}\n          soft_fail: true\n```\n\n## ⚙️ Configuration Options (Inputs)\n\n| Input                  | Description                                                   | Optional/Required | Default |\n|------------------------|---------------------------------------------------------------|------------------|---------|\n| `branch`               | Git branch to scan. Use `all-branches` to scan all branches   | Optional         | Latest commit SHA |\n| `results`              | Result types to include: `verified`, `unknown`, `unverified`, `filtered_unverified` | Optional | All types included |\n| `exclude_paths`        | Comma-separated list of paths to exclude from scanning        | Optional         | \"\" |\n| `additional_arguments` | Extra arguments to pass to the secret scanning tool           | Optional         | \"\" |\n| `base_command`         | Override the default command (Docker/local CLI)               | Optional         | Docker-based |\n| `accuknox_token`                | API token for AccuKnox SaaS                                    | Required         | — |\n| `accuknox_endpoint`             | AccuKnox API endpoint                                          | Optional         | cspm.demo.accuknox.com |\n| `accuknox_label`                | Label used in AccuKnox SaaS to organize results               | Required         | — |\n| `output_format`        | Format of results (`json`, `cli`, etc.)                       | Optional         | cli |\n| `output_file_path`     | Path to write output results                                   | Optional         | — |\n| `soft_fail`            | Prevent CI from failing on secret detection                   | Optional         | false |\n\n---\n\n## 🔍 How It Works\n\n1. **Developer pushes code** → Workflow triggers.  \n2. **Secret Scanner runs** → Docker executes the scan or local CLI if overridden.  \n3. **Secrets detected** → The tool generates a JSON results file.  \n4. **Upload findings** → Results are sent to AccuKnox using the provided token \u0026 label.  \n5. **Review findings** → Dashboard → Issues → Findings → Filter by *Secret Findings*.  \n6. **Pipeline decision** → If `soft_fail: false`, the pipeline fails on detected secrets.  \n\n---\n\n## 🛠️ Troubleshooting \u0026 Best Practices\n\n| Issue                                | Cause                                     | Solution |\n|--------------------------------------|------------------------------------------|----------|\n| `Missing required input: token`       | GitHub secret not set                     | Add `ACCUKNOX_TOKEN` |\n| `Failed to connect to endpoint`      | Incorrect API URL or network issue       | Verify endpoint URL |\n| No scan results in AccuKnox Console  | Missing label or invalid credentials      | Verify label and token values |\n| Workflow fails even with minor secrets | `soft_fail` not set                        | Set `soft_fail: true` to continue despite findings |\n| Empty scan report                     | Wrong directory or branch scanned        | Verify `exclude_paths` and `branch` inputs |\n\n---\n\n## 📖 Support \u0026 Documentation\n\n📚 Docs: [AccuKnox Documentation](https://accuknox.com)  \n\n📧 Support: support@accuknox.com  \n\n---\n\n## 🏁 Conclusion\n\nThe **AccuKnox Secret Scan GitHub Action** ensures hardcoded secrets are detected early, preventing leaks and enforcing security best practices.  \n\n🔐 **Shift Left with AccuKnox – Catch Secrets Before They Leak!** 🚀\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccuknox%2Fsecret-scan-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faccuknox%2Fsecret-scan-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccuknox%2Fsecret-scan-action/lists"}