@kazazes kazazes commented Aug 28, 2025

Important

Update trufflehog.yml to enhance PR scanning by making checkout fork-safe, fetching base commit, and using extra_args for TruffleHog.

  • Workflow Changes:
    • Updates trufflehog.yml to make the checkout process fork-safe by using actions/checkout@v4 with persist-credentials: false and fetch-depth: 0.
    • Adds a step to fetch the base commit locally for diffing using git fetch.
    • Modifies TruffleHog execution to use extra_args for flags --fail, --redact, and --results=verified,unknown.

This description was created by Ellipsis for 346da7b. You can customize this summary. It will automatically update as commits are pushed.

@kazazes kazazes merged commit 0e2363a into main Aug 28, 2025
1 check passed

@ellipsis-dev ellipsis-dev bot left a comment

Important

Looks good to me! 👍

Reviewed everything up to 346da7b in 40 seconds. Click for details.
  • Reviewed 46 lines of code in 1 file
  • Skipped 0 files when reviewing.
  • Skipped posting 4 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. .github/workflows/trufflehog.yml:17
  • Draft comment:
    Good fork‐safe checkout: using the repository field with persist-credentials: false is a solid security practice.
  • Reason this comment was not posted:
    Confidence changes required: 0% <= threshold 50% None
2. .github/workflows/trufflehog.yml:23
  • Draft comment:
    Setting fetch-depth: 0 ensures full history for diff analysis; just verify that performance remains acceptable on very large repositories.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None
3. .github/workflows/trufflehog.yml:28
  • Draft comment:
    Explicitly fetching the base commit (refs/heads/__base) is effective; ensure the base commit is always available in the remote.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None
4. .github/workflows/trufflehog.yml:36
  • Draft comment:
    Verify that the extra_args '--fail --redact --results=verified,unknown' are fully supported by trufflehog v3.90.5; future updates might require adjustments.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_d6J6FkVwnjtcf3mv

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@kazazes kazazes deleted the th-version branch August 28, 2025 00:47
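
A workflow with the three changes the description lists, as an added example: this is not the PR's actual trufflehog.yml, whose diff is not shown on this page. The trigger, job name, `permissions` block, and the exact `git fetch` command are assumptions, and the base fetch assumes a public repository because it runs without stored credentials.

```yaml
# Added example, not the repository's actual trufflehog.yml.
name: trufflehog
on:
  pull_request:              # assumed trigger; fork PRs get a read-only token and no secrets

permissions:
  contents: read             # assumed: the scan only needs to read the code

jobs:
  scan:                      # assumed job name
    runs-on: ubuntu-latest
    steps:
      # Fork-safe checkout: take the PR head from the repository that owns it,
      # and do not leave the token in .git/config for later steps to read.
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false
          fetch-depth: 0     # full history so the base..head range can be walked

      # The checkout above may come from a fork, so bring the base commit in
      # explicitly. Values are passed through env rather than interpolated
      # into the script text.
      - name: Fetch base commit for diffing
        env:
          BASE_REPO: ${{ github.repository }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          git fetch --no-tags "https://github.com/${BASE_REPO}.git" \
            "${BASE_SHA}:refs/heads/__base"

      # Flags exactly as listed in the PR description, passed via extra_args.
      - uses: trufflesecurity/trufflehog@v3.90.5
        with:
          base: ${{ github.event.pull_request.base.sha }}
          head: ${{ github.event.pull_request.head.sha }}
          extra_args: --fail --redact --results=verified,unknown
```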