Skip to content

carhartl/talisman-secrets-scan-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits

.github/workflows

.github/workflows

 
 

.talismanrc

.talismanrc

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

action.yml

action.yml

 
 

entrypoint.sh

entrypoint.sh

 
 

lefthook.yml

lefthook.yml

 
 

run.sh

run.sh

 
 

Repository files navigation

Detect secrets with Talisman action

This action uses Talisman to scan the incoming (pushed) range of commits for accidentally added secrets and sensitive information. It mimics a pre-push hook for this, thus it works nicely with a local git hook in tandem, that is as a fallback, last line of defense.

Example usage

steps:
  - name: Detect secrets with Talisman in incoming commits
    uses: carhartl/talisman-secrets-scan-action@v1.4.0

Caveat

When using this along with the actions/checkout@v2 step you'll need to configure it to avoid a too shallow clone:

- uses: actions/checkout@v2
  with:
    fetch-depth: 0

Otherwise you may run into Talisman erroring out while it's trying to execute git with an invalid revision range:

time="2021-09-19T07:07:32Z" level=fatal msg="Git command execution failed" command="git diff 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690 --name-only --diff-filter=ACM" dir=/github/workspace error="exit status 128" output="fatal: Invalid revision range 0c4a631e70056a95df1c235d238a80828e07cf9c..a32a5c7e1a3d250bf18a080a44a764d9b93b9690\n"

About

Scan incoming commits for secrets with Talisman

Topics

security appsec devsecops

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 7

v1.4.0 Latest
Feb 17, 2023
+ 6 releases

Packages

No packages published

Languages