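---
# Gitleaks secret scan: runs the gitleaks action on pushes and pull requests to
# the protected branches, and on demand via workflow_dispatch.
#
# Layout note: the previous copy of this file had lost its indentation and had
# `uses: ... with:` collapsed onto single lines, which is not valid YAML
# (`with:` at end of line is read as a mapping indicator inside the scalar).
name: Gitleaks Secret Scan

on:  # yamllint disable-line rule:truthy -- GitHub's loader reads `on` as a key
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

# Workflow-wide default token scope. A job-level `permissions` block replaces
# this entirely, so the only job below is unaffected; keeping the default at
# least privilege means any job added later without its own block does not
# silently inherit read on every scope (the previous `read-all`).
permissions:
  contents: read

env:
  # Runner feature flag; consumers read it as text, so keep it a quoted string
  # rather than letting YAML turn it into a boolean.
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

jobs:
  gitleaks:
    name: Gitleaks Secret Scanner
    runs-on: ubuntu-latest
    permissions:
      # Read-only checkout is all this job needs; no write scopes granted.
      contents: read
    steps:
      # Every action below is pinned to a full commit SHA rather than a mutable
      # tag, so a retagged or compromised upstream release cannot change what
      # executes here. When bumping a pin, verify the SHA against the upstream
      # release before committing it.
      #
      # harden-runner must stay the first step so it observes the egress of
      # checkout and the scanner itself.
      - name: Harden Runner (Endpoint Network Security)
        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
        with:
          # NOTE(review): `audit` only records outbound connections; it blocks
          # nothing. Once the audit log shows the endpoints this job legitimately
          # needs, switch to `egress-policy: block` with an explicit
          # `allowed-endpoints` list so a compromised step cannot exfiltrate.
          egress-policy: audit

      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # Full clone (not the default shallow one) so the scanner can walk
          # commit history rather than only the checked-out tree.
          fetch-depth: 0

      - name: Gitleaks Scan
        uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7
        env:
          # The job's read-only token; the action receives nothing broader.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # License key read by the action; see the gitleaks-action docs for
          # when it is required. Referenced from secrets, never inlined here.
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}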