Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/reviewdog/action-detect-secrets
GitHub Action: Run detect-secrets with reviewdog
https://github.com/reviewdog/action-detect-secrets
detect-secrets github-actions review reviewdog security
Last synced: about 1 month ago
JSON representation
GitHub Action: Run detect-secrets with reviewdog
- Host: GitHub
- URL: https://github.com/reviewdog/action-detect-secrets
- Owner: reviewdog
- License: mit
- Created: 2021-03-15T00:10:19.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-10-08T00:27:18.000Z (2 months ago)
- Last Synced: 2024-10-31T10:38:05.755Z (about 1 month ago)
- Topics: detect-secrets, github-actions, review, reviewdog, security
- Language: Python
- Homepage:
- Size: 69.3 KB
- Stars: 22
- Watchers: 34
- Forks: 11
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- stars - reviewdog/action-detect-secrets - GitHub Action: Run detect-secrets with reviewdog \[*MIT License*\] (⭐️22) (Python)
- stars - reviewdog/action-detect-secrets - GitHub Action: Run detect-secrets with reviewdog \[*MIT License*\] (⭐️22) (Python)
README
# GitHub Action: Run detect-secrets with reviewdog
This action runs [detect-secrets](https://github.com/Yelp/detect-secrets) with
[reviewdog](https://github.com/reviewdog/reviewdog) on pull requests to improve
code review experience.
## Inputs
### `github_token`
**Required**. Must be in form of `github_token: ${{ secrets.github_token }}`'.
### `workdir`
Optional. The directory from which to look for and run detect-secrets. Default '.'
### `filter_mode`
Optional. Reviewdog filter mode [added, diff_context, file, nofilter]
It's the same as the `-filter-mode` flag of reviewdog.
### `fail_on_error`
Whether reviewdog should fail when errors are found. [true,false]
This is useful for failing CI builds in addition to adding comments when errors are found.
It's the same as the `-fail-on-error` flag of reviewdog.
### `level`
Optional. Report level for reviewdog [info,warning,error].
It's same as `-level` flag of reviewdog.
### `reporter`
Reporter of reviewdog command [github-pr-check,github-pr-review,github-check].
Default is github-pr-check.
github-pr-review can use Markdown and add a link to rule page in reviewdog reports.
### `reviewdog_flags`
Optional. Additional reviewdog flags.
### `detect_secrets_flags`
Optional. Flags and args of detect-secrets command. The default is `--all-files --force-use-all-plugins`.
This can be used to [exclude paths, secrets or lines to ignore false positives](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#filters).
### `baseline_path`
Optional. The path to provide to `--baseline` argument of detect-secrets command.
If provided, the baseline file will be updated with newly discovered secrets, otherwise it will be created.
The default is empty, so baseline created or overwritten.
## Example usage
### [.github/workflows/reviewdog.yml](.github/workflows/reviewdog.yml)
```yml
name: reviewdog
on: [pull_request]
jobs:
detect-secrets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: detect-secrets
uses: reviewdog/action-detect-secrets@master
with:
reporter: github-pr-review # Change reporter.
```
## Configuration
### Preventing false positives
Since the detect-secrets CLI can report false positives, it is likely you will have to configure it by using the `detect_secrets_flags` input to ignore any or use inline comments. There are [4 filtering options to ignore false positives](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#filters):
- [Excluding file paths](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#--exclude-files)
- [Excluding lines](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#--exclude-lines)
- [Excluding secrets](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#--exclude-secrets)
- [Inlining exclude comments](https://github.com/Yelp/detect-secrets?tab=readme-ov-file#inline-allowlisting-1)