Bump the nuget-security group with 28 updates #23
```yaml
name: secrets

on:
  pull_request:
    branches: [ main ]
  workflow_dispatch:

# Gitleaks scans for hardcoded secrets (passwords, API keys, tokens).
# Runs on pull requests only to conserve GitHub Actions minutes on Free tier.
# For push-on-every-commit scanning, add 'push:' to the triggers above.
permissions:
  contents: read
  pull-requests: read

jobs:
  gitleaks:
    name: Gitleaks Secret Scanning
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Full history for comprehensive scanning

      - name: Run Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          args: detect --no-banner --redact --source .
```