build(deps): bump github.com/trufflesecurity/trufflehog/v3 from 3.94.2 to 3.94.3 #677
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: gosec | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| security-events: write | |
| jobs: | |
| gosec: | |
| name: security scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: stable | |
| - name: Run Gosec Security Scanner | |
| uses: securego/gosec@223e19b8856e00f02cc67804499a83f77e208f3c # v2.25.0 | |
| with: | |
| args: "-no-fail -fmt json -out results.json ./..." | |
| - name: Check Gosec Results | |
| run: | | |
| FOUND=$(jq '.Stats.found // 0' results.json) | |
| echo "Gosec found $FOUND issue(s)" | |
| if [ "$FOUND" -gt 0 ]; then | |
| echo "❌ Security issues detected! Please fix them before merging." | |
| exit 1 | |
| else | |
| echo "✅ No security issues found." | |
| fi | |
| - name: Run zizmor 🌈 | |
| uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 | |
| with: | |
| inputs: . | |
| fail_on_error: true |