feat: allow trufflehog false positive (#27) (#32)

splunk · Mar 14, 2022 · 86a7e2b · 86a7e2b
1 parent dcd276f
commit 86a7e2b
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
@@ -154,14 +154,22 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout
+ if: github.event_name != 'pull_request'
+ uses: actions/checkout@v2
+ with:
+ submodules: false
+ fetch-depth: "0"
+ - name: Checkout for PR
+ if: github.event_name == 'pull_request'
  uses: actions/checkout@v2
  with:
  submodules: false
  fetch-depth: "0"
+ ref: ${{ github.head_ref }}
  - name: Trufflehog Actions Scan
- uses: edplato/trufflehog-actions-scan@v0.9j-beta
+ uses: edplato/trufflehog-actions-scan@v0.9l-beta
  with:
- scanArguments: "--max_dept 50 -x .github/workflows/exclude-patterns.txt"
+ scanArguments: "--max_dept 50 -x .github/workflows/exclude-patterns.txt --allow .github/workflows/trufflehog-false-positive.json"
 
  semgrep:
  runs-on: ubuntu-latest