Open pylapp opened 7 months ago
Given the following gitleaks-action file placed in .github/workflows on my GitHub project
name: gitleaks on: [pull_request, push, workflow_dispatch] jobs: scan: name: gitleaks runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - uses: gitleaks/gitleaks-action@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}
The GitHub action does not find my gitleaks.toml file placed at the root of the project even if this page says it will.
Defined the gitleaks.toml file elsewhere and precising through GITLEAKS_CONFIG env variable where to find it, the GitHub action just ignores it.
gitleaks.toml is like bellow:
[[rules]] description = "Detect Some Service key in URL" regex = '''(?i)apikey=([a-zA-Z0-9_-]{10})'''
and is working with gitleaks in CLI.
How make the GitHub Actions use the rules of the TOML file?
Given the following gitleaks-action file placed in .github/workflows on my GitHub project
The GitHub action does not find my gitleaks.toml file placed at the root of the project even if this page says it will.
Defined the gitleaks.toml file elsewhere and precising through GITLEAKS_CONFIG env variable where to find it, the GitHub action just ignores it.
gitleaks.toml is like bellow:
and is working with gitleaks in CLI.
How make the GitHub Actions use the rules of the TOML file?