Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/carhartl/talisman-secrets-scan-action
Scan incoming commits for secrets with Talisman
https://github.com/carhartl/talisman-secrets-scan-action
appsec devsecops security
Last synced: 26 days ago
JSON representation
Scan incoming commits for secrets with Talisman
- Host: GitHub
- URL: https://github.com/carhartl/talisman-secrets-scan-action
- Owner: carhartl
- Created: 2021-09-18T04:57:26.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-02-19T11:51:15.000Z (over 1 year ago)
- Last Synced: 2024-03-14T15:25:48.332Z (8 months ago)
- Topics: appsec, devsecops, security
- Language: Shell
- Homepage:
- Size: 57.6 KB
- Stars: 3
- Watchers: 3
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Detect secrets with Talisman action
This action uses [Talisman](https://thoughtworks.github.io/talisman/) to scan the incoming (pushed) range of commits for accidentally added secrets and sensitive information. It mimics a pre-push hook for this, thus it works nicely with a local git hook in tandem, that is as a fallback, last line of defense.
## Example usage
```yml
steps:
- name: Detect secrets with Talisman in incoming commits
uses: carhartl/[email protected]
```
## Caveat
When using this along with the `actions/checkout@v2` step you'll need to configure it to avoid a too shallow clone:
```yml
- uses: actions/checkout@v2
with:
fetch-depth: 0
```
Otherwise you may run into Talisman erroring out while it's trying to execute git with an invalid revision range:
```
time="2021-09-19T07:07:32Z" level=fatal msg="Git command execution failed" command="git diff 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690 --name-only --diff-filter=ACM" dir=/github/workspace error="exit status 128" output="fatal: Invalid revision range 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690\n"
```