secrets-scan.yaml
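# GitHub Actions workflow that calls the brightwheel appsec-tooling reusable workflow for secrets
# scanning on protected branches.
#
# DEPENDENCIES:
#
#   * Organization-level Variable (Settings → Secrets and variables → Actions → Variables):
#     - APPSEC_SCANNER_PULL_ROLE_ARN: AWS IAM role ARN for ECR scanner image access via OIDC
#
# SECURITY NOTES:
#
#   * No `permissions:` block is declared in this file, so the GITHUB_TOKEN scope comes from the
#     repository/organization default, which also caps what the called workflow can use.
#     NOTE(review): the OIDC role assumption described above normally needs `id-token: write`;
#     confirm where that is granted and declare the minimum permission set explicitly.
name: Secrets Scan

on:
  # Automatic scanning when a PR targeting master is opened, updated, reopened or marked ready
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
    branches:
      - master
  # Manual trigger
  workflow_dispatch:
    inputs:
      # NOTE(review): neither input is forwarded through a `with:` block on the job below;
      # presumably the reusable workflow reads them from the caller's event context. Confirm,
      # and confirm they are validated there before being used as a checkout ref or in a shell step.
      pr_number:
        description: "PR number to scan (optional)"
        required: false
      ref:
        description: "Branch/ref to scan (optional, defaults to current)"
        required: false

jobs:
  scan:
    # Draft PRs are skipped. On a manual run there is no pull_request payload, so the first
    # clause is already true and the job proceeds.
    if: ${{ !github.event.pull_request.draft || github.event_name == 'workflow_dispatch' }}
    # `@main` is a mutable ref: any commit that lands on that branch of appsec-tooling runs here
    # on the next trigger, with the secrets passed below. Pinning to a full-length commit SHA
    # makes the called workflow immutable and turns updates into a reviewable change.
    uses: brightwheel/appsec-tooling/.github/workflows/reusable-secrets-scan.yaml@main
    # `inherit` hands the called workflow every secret this workflow can access.
    # NOTE(review): the header lists only an organization Variable as a dependency; if the
    # scanner needs no secrets, drop this line, otherwise pass the required ones by name.
    secrets: inherit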