Skip to content

ci: enable secret scanning using shared v1 workflow#9

Closed
Ozigbujoseph wants to merge 1 commit into
mainfrom
ozigbujoseph-hu/add-trufflehog-secret-scan
Closed

ci: enable secret scanning using shared v1 workflow#9
Ozigbujoseph wants to merge 1 commit into
mainfrom
ozigbujoseph-hu/add-trufflehog-secret-scan

Conversation

@Ozigbujoseph

Copy link
Copy Markdown

Summary

  • add TruffleHog PR secret scan using shared workflow v1
  • add scheduled full scan (non-blocking) for continuous monitoring
  • keep GHAS as baseline; this adds CI-visible PR checks

Validation

This rollout pattern was validated end-to-end in image-builder and k8s-deploy-infra:

Why this is safe

  • same shared reusable workflow (nscaledev/sre-shared-workflows/.github/workflows/secret-scan.yml@1)
  • same validated configuration pattern used in image-builder and k8s-deploy-infra

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

To use Codex here, create a Codex account and connect to github.

@Ozigbujoseph

Copy link
Copy Markdown
Author

TruffleHog not needed here, public repo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant