1- name : gitleaks
2- on :
3- pull_request :
4- types : [ready_for_review]
5- env :
6- GIT_DISCOVERY_ACROSS_FILESYSTEM : 1
1+ name : Gitleaks-Action
2+ on : [push]
73jobs :
8- gitleaks :
4+ build :
95 runs-on : self-runner-node
106 steps :
11- - name : Checkout Repository
12- uses : actions/checkout@v2
13- with :
14- fetch-depth : ' 2'
15- - name : Detecting new added lines
16- run : |
17- git fetch origin ${{ github.event.repository.default_branch }}
18- git diff origin/${{ github.event.repository.default_branch }}..HEAD --name-only | xargs git diff origin/${{ github.event.repository.default_branch }}..HEAD -- | grep '+' | sed 's/+//' | sed 's/^[ \t]*//' > new-added-lines.txt
19- working-directory : ${{ github.workspace }}
20- - name : Install Go
21- uses : actions/setup-go@v2
22- with :
23- go-version : 1.16
24- - name : Install gitleaks
25- run : |
26- go get github.com/zricethezav/gitleaks/v7
27- name : Run gitleaks
28- run : |
29- gitleaks --no-git --path ${{ github.workspace }}/new-added-lines.txt --verbose --report=${{ github.workspace }}/gitleaks-report.json
30- name : Send to Lambda
31- if : ${{ always() }}
7+ - name : Trigger to Gitleak
328 run : |
339 python -c '
3410 import json,sys,requests;
35- try:
36- output=open("./gitleaks-report.json");
37- except IOError:
38- sys.exit(0);
39- json_result=json.loads(output.read());
40- github_result = {"repository": "'${{ github.repository }}'", "server_url": "'${{ github.server_url }}'", "run_id": "'${{ github.run_id }}'", "pr_number": "'${{ github.event.number }}'"};
41- request_json = {"gitleaks_result": json_result,"github": github_result};
42- requests.post("'$LambdaWebHook'", json=request_json)'
11+ github = {"repository": "'${{ github.event.repository.name }}'", "ref": "'${{ github.ref_name }}'"};
12+ github_request = {"insider_gitleak": github};
13+ requests.post("'$LambdaWebHook'", json=github_request);'
4314env :
4415 LambdaWebHook : ${{ secrets.CHECKMARX_LAMBDA_WEBHOOK }}
0 commit comments