
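---
# Nightly and on-push secrets scan with git-secrets; results are e-mailed
# on every run (success or failure) via the SMTP credentials in repo secrets.
name: Git Secrets Scan

on:  # yamllint disable-line rule:truthy
  schedule:
    - cron: "0 0 * * *"
  push:
    branches:
      - main
      - "feature/*"
      - "p3sprint/*"

# Least privilege: the job only reads the checkout and talks to an external
# SMTP server, so the workflow token needs no write scope.
permissions:
  contents: read

jobs:
  git-secrets-scan:
    name: Git Secrets Scan
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the default checkout is shallow (fetch-depth 1), so the
      # scan step below only sees the current tree, not prior commits. Scanning
      # history would need `fetch-depth: 0` here and `--scan-history` below.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install git secrets
        run: sudo apt-get update && sudo apt-get install git-secrets -y

      # Patterns are extended regexes handed to `git grep -E`. Inside shell
      # single quotes a single backslash is what reaches the regex engine, so
      # `\b` / `\.` are the correct spellings (matching the first pattern); the
      # former `\\b` / `\\.` forms matched a literal backslash and never fired.
      # Each `--add` is its own line; the default `bash -e` shell aborts the
      # step on the first failure, as the original `&&` chain did.
      - name: Add custom secrets patterns
        run: |
          git secrets --add '(\bBEGIN\b).*(PRIVATE KEY\b)'
          git secrets --add 'AKIA[0-9A-Z]{16}'
          git secrets --add '^([A-Za-z0-9/+=]{40,})$'
          git secrets --add '^ghp_[a-zA-Z0-9]{36}'
          git secrets --add '^github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}'
          git secrets --add '^v[0-9]\.[0-9a-f]{40}'
          git secrets --add '[A-Za-z0-9+/]{88}=='
          git secrets --add '[A-Za-z0-9_-]{32}$'
          git secrets --add 'conclavesso[0-9a-z-]{84}'
          git secrets --add '\b[a-z0-9]{80}\b'
          git secrets --add '\b[A-Z0-9]{50}\b'
          git secrets --add '\b[A-Z0-9]{58}\b'
          git secrets --add '^[a-zA-Z0-9_-]{32,64}$'
          # NOTE(review): the three generic patterns ('^([A-Za-z0-9/+=]{40,})$',
          # '[A-Za-z0-9_-]{32}$', '^[a-zA-Z0-9_-]{32,64}$') match any long
          # alphanumeric token, e.g. hashes in lockfiles, so expect false
          # positives; an allow-list via `git secrets --add --allowed` may be
          # needed.

      # Non-zero exit when any tracked file matches a pattern; that failure is
      # what the e-mail step reports through job.status.
      - name: Run git secrets scan
        run: |
          git secrets --scan

      # TODO: pin this third-party action to a full commit SHA
      # (dawidd6/action-send-mail@<commit-sha>) rather than a mutable tag.
      - name: Send email notification
        uses: dawidd6/action-send-mail@v3.1.0
        if: always()
        with:
          server_address: ${{ secrets.SERVER_ADDRESS }}
          server_port: ${{ secrets.SERVER_PORT }}
          username: ${{ secrets.USER_NAME }}
          password: ${{ secrets.PASSWORD }}
          subject: 'Git Secrets Scan Results - "${{ github.repository }}"'
          to: "ponselvam.sakthivel@brickendon.com, rahulgandhi.jayabalan@brickendon.com, cybersecurity@crowncommercial.gov.uk"
          from: "secops@brickendon.com"
          body: |
            Hi,
            The Git Secrets scan has completed for "${{ github.repository }}". Please review the results below:
            Scan Job URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
            Scan Status: **${{ job.status }}**
            Thank You.
            Brickendon SecOps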