{"id":50814043,"url":"https://github.com/toro-guapo/trestle-action","last_synced_at":"2026-06-13T07:34:18.827Z","repository":{"id":360052836,"uuid":"1248552464","full_name":"toro-guapo/trestle-action","owner":"toro-guapo","description":"Trestle GitHub Action","archived":false,"fork":false,"pushed_at":"2026-05-24T19:44:08.000Z","size":11,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-13T07:34:16.408Z","etag":null,"topics":["development-tools","secret-scanning","security"],"latest_commit_sha":null,"homepage":"https://trestlescan.com","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/toro-guapo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-24T19:43:44.000Z","updated_at":"2026-05-25T13:27:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/toro-guapo/trestle-action","commit_stats":null,"previous_names":["toro-guapo/trestle-action"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/toro-guapo/trestle-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toro-guapo%2Ftrestle-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toro-guapo%2Ftrestle-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toro-guapo%2Ftrestle-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toro-guapo%2Ftrestle-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/toro-guapo","download_url":"https://codeload.github.com/toro-guapo/trestle-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toro-guapo%2Ftrestle-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34276501,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["development-tools","secret-scanning","security"],"created_at":"2026-06-13T07:34:13.184Z","updated_at":"2026-06-13T07:34:18.820Z","avatar_url":"https://github.com/toro-guapo.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"left\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"assets/logo-dark.svg\"\u003e\n    \u003cimg src=\"assets/logo-light.svg\" alt=\"Trestle logo\" height=\"18\"\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\nScan your repository for leaked secrets on every push and pull request, using\nthe [Trestle][trestle] Community secret scanner.\n\nTrestle detects API keys, access tokens, passwords, private keys, and\ncertificates. It runs as a single self-contained\nbinary downloaded from the official GitHub release, with the download verified\nagainst a sha256 checksum published with each release.\n\n[trestle]: https://trestlescan.com\n\n## Quick start\n\n```yaml\nname: Secret scan\n\non:\n  push:\n  pull_request:\n\njobs:\n  trestle:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: toro-guapo/trestle-action@v1\n```\n\n## Upload results to the GitHub Security tab\n\nTrestle can emit [SARIF][sarif], which GitHub renders in the Security tab as\ncode scanning alerts.\n\n```yaml\njobs:\n  trestle:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n      security-events: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: toro-guapo/trestle-action@v1\n        with:\n          args: --output-format=sarif --output-file=trestle.sarif\n          fail-on-findings: false\n        id: trestle\n      - uses: github/codeql-action/upload-sarif@v4\n        if: always()\n        with:\n          sarif_file: trestle.sarif\n```\n\n[sarif]: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning\n\n## Inputs\n\n| Name               | Default              | Description |\n| ------------------ | -------------------- | ----------- |\n| `version`          | `latest`             | Trestle Community version, such as `1.2.3`, or `latest`. |\n| `path`             | `.`                  | Path to scan. |\n| `args`             | _empty_              | Extra arguments passed to `trestle scan`. Space-separated; values cannot contain spaces. |\n| `fail-on-findings` | `true`               | When `true`, fail the job if any secrets are found. |\n| `repository`       | `toro-guapo/trestle` | GitHub repository to download trestle from. |\n\n## Outputs\n\n| Name           | Description |\n| -------------- | ----------- |\n| `exit-code`    | Trestle exit code: `0` (no findings), `1` (findings), `2` (error). |\n| `has-findings` | `\"true\"` if any findings were reported, otherwise `\"false\"`. |\n\n## Supported runners\n\nThe action runs on the GitHub-hosted runners listed below. Self-hosted runners\non the same operating system and architecture also work.\n\n| Operating system | Architecture | Example runner labels        |\n| ---------------- | ------------ | ---------------------------- |\n| Linux            | x86-64       | `ubuntu-latest`, `ubuntu-24.04` |\n| Linux            | arm64        | `ubuntu-24.04-arm`           |\n| macOS            | arm64        | `macos-latest`, `macos-14`   |\n| macOS            | x86-64       | `macos-13`                   |\n| Windows          | x86-64       | `windows-latest`             |\n| Windows          | arm64        | `windows-11-arm`             |\n\n## How the binary is verified\n\nFor each release of Trestle, a `checksums.txt` file is published alongside the\nplatform binaries. The action downloads both files from the same release tag\nand rejects the binary if its sha256 hash does not match the entry in\n`checksums.txt`.\n\nThe action requires a release that ships `checksums.txt`.\n\n## License\n\nApache License 2.0. See [LICENSE](LICENSE).\n\nIssues and discussion are welcome on GitHub. Pull requests are not accepted at\nthis time.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoro-guapo%2Ftrestle-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftoro-guapo%2Ftrestle-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoro-guapo%2Ftrestle-action/lists"}