chore(deps): bump trufflesecurity/trufflehog from c1a1d6a28a601e902d8652e75425c4b3d3294053 to f2cd191b97098913a07522227d2b5e40e57252f4 #355

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/trufflesecurity/trufflehog-f2cd191b97098913a07522227d2b5e40e57252f4

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Bumps trufflesecurity/trufflehog from c1a1d6a28a601e902d8652e75425c4b3d3294053 to f2cd191b97098913a07522227d2b5e40e57252f4.

Commits
  • f2cd191 feat: add OpenRouter detector (#4500)
  • 00155c9 Include encoded resume info instead of clobbering it (#5110)
  • 4d3a66f fixed syntax error (#5109)
  • 797f02b [INS-334] Octopus Deploy detector (#4787)
  • 7f04a89 [INS-465] Skip unverified JWT Detector results when feature flag is enabled (...
  • 459d5a7 Add prometheus metrics for engine channels and workers (#5095)
  • f38f8f7 fix(azuresastoken): match SAS tokens regardless of parameter order (#5043)
  • 6261f5c removed "unauthorized" as exception for rotated graphana secrets (#5068)
  • f446421 [INS-407] Fixed AWS detector producing non deterministic output (#4836)
  • 885fa2d [INS-197] Add redhatpyxis api key detector (#4995)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from c1a1d6a28a601e902d8652e75425c4b3d3294053 to f2cd191b97098913a07522227d2b5e40e57252f4.
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@c1a1d6a...f2cd191)

---
updated-dependencies:
- dependency-name: trufflesecurity/trufflehog
  dependency-version: f2cd191b97098913a07522227d2b5e40e57252f4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the ci-cd and dependencies labels Jul 3, 2026

github-actions Bot commented Jul 3, 2026

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/security-scan.yml

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| trufflesecurity/trufflehog | f2cd191b97098913a07522227d2b5e40e57252f4 | Null | Unknown License |

Denied Licenses: GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| actions/trufflesecurity/trufflehog | f2cd191b97098913a07522227d2b5e40e57252f4 | 🟢 7.4 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Security-Policy | 🟢 10 | security policy file detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | 🟢 9 | binaries present in source code |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Branch-Protection | 🟢 5 | branch protection is not maximal on development and all release branches |
| Signed-Releases | 🟢 8 | 4 out of the last 4 releases have a total of 4 signed artifacts. |
| Pinned-Dependencies | 🟢 7 | dependency not pinned by hash detected -- score normalized to 7 |
| Packaging | 🟢 10 | packaging workflow detected |
| SAST | 🟢 10 | SAST tool is run on all commits |

Scanned Files

  • .github/workflows/security-scan.yml
