Add secret scanning to repo

Frank-Howard · Frank-Howard · commit 4c1de5503c87 · 2024-12-12T09:20:28.000Z
diff --git a/.github/workflows/pre_commit.yml b/.github/workflows/pre_commit.yml
@@ -19,3 +19,5 @@ jobs:
         with:
           python-version: '3.9'
       - uses: pre-commit/action@v3.0.1
+        env:
+          SKIP: "trufflehog"
diff --git a/.github/workflows/secret_scanning.yml b/.github/workflows/secret_scanning.yml
@@ -0,0 +1,13 @@
+name: "Secret Scanning"
+on:
+  push:
+
+jobs:
+  check_commits:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - uses: trufflesecurity/trufflehog@main
+      with:
+        extra_args: --results=verified,unknown
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,9 +1,22 @@
 default_language_version:
   python: python3.9
 repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: "v5.0.0"
+  hooks:
+  - id: no-commit-to-branch
 - repo: https://github.com/astral-sh/ruff-pre-commit
   rev: 'v0.8.0'
   hooks:
   - id: ruff
     args: [ "--fix" ]
   - id: ruff-format
+- repo: https://github.com/trufflesecurity/trufflehog.git
+  rev: "v3.84.2"
+  hooks:
+  - id: trufflehog
+    name: TruffleHog
+    description: Detect secrets in your data.
+    entry: bash -c 'trufflehog git file://. --since-commit HEAD --only-verified --fail --no-update'
+    language: system
+    stages: ["pre-commit", "pre-push"]

-Original file line number
+Diff line change
         with:
           python-version: '3.9'
       - uses: pre-commit/[email protected]
 +        env:
 +          SKIP: "trufflehog"