Secret Detection

This workflow runs secret detection on the target repository.

Because this is a reusable workflow, the caller must specify secrets: inherit when calling it so that Gitleaks can find the license key.

Secret detection on push

uses: Yellow-Dog-Man/composite-actions-templates/.github/workflows/secret-detection.yml@main
permissions:
  contents: read
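
A complete caller workflow that puts the snippet above together with the required secrets: inherit setting. This is an added example, not a file from the Yellow-Dog-Man repository; the workflow name, trigger and job id are assumptions.

```yaml
# Added example: caller workflow in the consuming repository.
# The workflow name and the job id "secret-detection" are assumptions.
name: Secret detection

on:
  push:

jobs:
  secret-detection:
    uses: Yellow-Dog-Man/composite-actions-templates/.github/workflows/secret-detection.yml@main
    # The called workflow can keep or reduce these GITHUB_TOKEN permissions,
    # but never raise them.
    permissions:
      contents: read
    # The called workflow declares no secrets under workflow_call, so
    # GITLEAKS_LICENSE only reaches it when the caller's secrets are inherited.
    secrets: inherit
```
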
Source of Yellow-Dog-Man/composite-actions-templates/.github/workflows/secret-detection.yml@main
name: 'Secret detection on push'

on:
  push:
  workflow_call:

jobs:
  gitleaks-scan:
    runs-on: ubuntu-latest

    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: '0'

      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}