It seems to be not detecting secrets in the scan. It always passes #13

Open
sgore-godaddy opened this issue Sep 8, 2022 · 1 comment

@sgore-godaddy

I added the action as follows in one of our repos:

```yaml
# Workflow to run tartufo scan for PR

name: Tartufo

on:
  push:
    branches:
    - '*'

jobs:
  tartufo-scan:
    name: Tartufo Scan
    # No need to self-hosted runner, since this is purely looking at the Git repo that's already pushed
    runs-on: [self-hosted, pep-ci]
    steps:
      - name: Checkout
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          fetch-depth: 0

      - name: Perform Scan
        uses: godaddy/tartufo-action@7e34fe798485a138ba59ecf533f5a5dd790351bb # v3.2.0
        with:
          entropy-sensitivity: 100
```

To verify if it detects secrets correctly or not, I added the following line in the readme:

the password is 7e84fe798485a138ba59ecf533f5a5dd790351bb

While locally it reports a problem, on GitHub the action runs to completion without showing any error.

@sgore-godaddy

OK, I think it is because of the `entropy-sensitivity: 100` value. Removing that works correctly. Maybe it needs to be a string?
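One way a sensitivity of 100 can silence entropy findings, shown as an added example that is not part of the issue or of tartufo's code: it assumes the sensitivity percentage scales the maximum per-character entropy of the alphabet (4 bits for hex) into a cutoff that a string must exceed. The names `hex_threshold` and `flagged` and the 20-character minimum length are hypothetical, chosen for illustration.

```python
import math
from collections import Counter

HEX_CHARS = set("0123456789abcdefABCDEF")
HEX_MAX_BITS = 4.0  # log2(16): the most entropy one hex character can carry


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def hex_threshold(sensitivity: int) -> float:
    """ASSUMPTION: sensitivity (0-100) is the share of the maximum
    per-character entropy that a string must exceed to be reported."""
    if not 0 <= sensitivity <= 100:
        raise ValueError("sensitivity must be between 0 and 100")
    return sensitivity / 100.0 * HEX_MAX_BITS


def flagged(line: str, sensitivity: int, min_len: int = 20) -> list[str]:
    """Return the hex-looking tokens in line whose entropy exceeds the cutoff."""
    cutoff = hex_threshold(sensitivity)
    return [
        tok for tok in line.split()
        if len(tok) >= min_len
        and set(tok) <= HEX_CHARS
        and shannon_entropy(tok) > cutoff
    ]


# The test line quoted in the issue above.
README_LINE = "the password is 7e84fe798485a138ba59ecf533f5a5dd790351bb"
# Constructed input: every hex digit exactly twice, i.e. the full 4.0 bits/char.
UNIFORM_HEX = "0123456789abcdef" * 2

if __name__ == "__main__":
    token = README_LINE.split()[-1]
    print(f"entropy of test token: {shannon_entropy(token):.3f} bits/char")
    for sensitivity in (75, 100):
        print(sensitivity, hex_threshold(sensitivity),
              flagged(README_LINE, sensitivity),
              flagged(UNIFORM_HEX, sensitivity))
```

Under this assumption the cutoff at 100 equals the theoretical maximum for hex, so no hex string can exceed it and the scan passes regardless of content.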
