Skip to content

InfoSec

InfoSec #176

Workflow file for this run

name: InfoSec
on:
pull_request:
push:
workflow_dispatch:
schedule:
- cron: "0 4 * * *" # run once a day at 4 AM
jobs:
creds:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# TODO: uncomment when they fix this; scan locally via `snyk monitor`
# vuln:
# name: snyk
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# with:
# fetch-depth: 0
# - uses: snyk/actions/python@master
# continue-on-error: true # To make sure that SARIF upload gets called
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# args: --severity-threshold=high --sarif-file-output=snyk.sarif
# - name: upload results
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: snyk.sarif