DevOps Shield - DevSecOps Automation - Create devopsshield-ss-gitleaks.yml

CalinL · CalinL · commit 6afe5781e769 · 2025-01-08T23:32:27.000-05:00
diff --git a/.github/workflows/devopsshield-ss-gitleaks.yml b/.github/workflows/devopsshield-ss-gitleaks.yml
@@ -0,0 +1,60 @@
+# DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.
+# https://devopsshield.com
+##############################################################
+# This is a DevOps Shield - Application Security - Code Security Template. 
+
+# This workflow template uses actions that are not certified by DevOps Shield. 
+# They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation.
+
+# Use this workflow template for integrating code security into your pipelines and workflows.
+
+# DevOps Shield Workflow Template Details:
+# ------------------------------------------------------------
+# Code: GH_SS_GITLEAKS
+# Name: Gitleaks Secret Scanning
+# DevSecOpsControls: SS
+# Provider: Gitleaks
+# Categories: Code Scanning, Secrets
+# Description: 
+# Gitleaks is a tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos. 
+# Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. 
+# Enable Gitleaks-Action in your GitHub workflows to be alerted when secrets are leaked as soon as they happen.
+# A gitleaks-action license can be obtained at gitleaks.io. 
+# Read the official documentation to find out more. 
+# For more information: 
+# https://gitleaks.io/
+# https://github.com/gitleaks
+# https://blog.gitleaks.io/
+# ------------------------------------------------------------
+# Source repository: https://github.com/gitleaks/gitleaks-action
+##############################################################
+
+name: Gitleaks Secret Scanning
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: 0 0 * * *
+
+jobs:
+  gitleaks:
+    name: Gitleaks Secret Scanning
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+     
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Run Gitleaks
+      uses: gitleaks/gitleaks-action@v2
+      id: gitleaks
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} # Only required for Organizations, not personal accounts.
