trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0

Show file path on findings in github action #3093

Open eric-price opened 4 months ago

eric-price commented 4 months ago

Description

It would be nice to have the Github action workflow show the file and possibly the line number on each finding like the CLI tool does. The engineers who see the findings don't know where to look without running the scan locally again to get the file path and line number.

Preferred Solution

It would be nice to have an output like this when I run: trufflehog git file://. --branch develop --filter-unverified --github-actions

Output:

::warning file=src/app/env.yml,line=41,endLine=41::Found verified Postmark result 🐷🔑
::warning file=src/app/env.yml,line=70,endLine=70::Found verified Postmark result 🐷🔑
::warning file=.github/workflows/sonarqube-analysis.yml,line=71,endLine=71::Found unverified SonarCloud result 🐷🔑

Additional Context

Screenshot of output in Github actions:

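Assuming the scanner's JSON output mode (trufflehog ... --json) carries each git finding's file and line under SourceMetadata.Data.Git, the following added Python example (not trufflehog's own code) turns that stream into the GitHub Actions annotation commands the issue asks for, applying the escaping the workflow-command syntax requires. The sample JSON lines are constructed for the example.

```python
import json
from typing import Optional

# Constructed sample in the shape of trufflehog --json output (field names
# are an assumption about the v3 JSON schema, not taken from this issue).
SAMPLE_FINDINGS = "\n".join([
    json.dumps({"SourceMetadata": {"Data": {"Git": {"file": "src/app/env.yml", "line": 41}}},
                "DetectorName": "Postmark", "Verified": True}),
    json.dumps({"SourceMetadata": {"Data": {"Git": {"file": ".github/workflows/sonarqube-analysis.yml",
                                                     "line": 71}}},
                "DetectorName": "SonarCloud", "Verified": False}),
    "2024-07-24T09:56:53Z info-0 trufflehog finished scanning",  # non-JSON log line
])

def _escape_message(value: str) -> str:
    # Message part of a workflow command: escape %, CR and LF.
    return value.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

def _escape_property(value: str) -> str:
    # Property values (file=...) additionally escape ':' and ','.
    return _escape_message(value).replace(":", "%3A").replace(",", "%2C")

def finding_to_annotation(finding: dict) -> Optional[str]:
    """Build one ::warning annotation, or None if the finding has no git file/line."""
    git = finding.get("SourceMetadata", {}).get("Data", {}).get("Git")
    if not git or "file" not in git:
        return None  # e.g. an S3 or filesystem source: nothing to annotate in the repo
    status = "verified" if finding.get("Verified") else "unverified"
    line = int(git.get("line") or 1)
    props = f"file={_escape_property(git['file'])},line={line},endLine={line}"
    message = _escape_message(f"Found {status} {finding.get('DetectorName', 'unknown')} result")
    return f"::warning {props}::{message}"

def annotations(json_lines: str, only_verified: bool = False) -> list:
    """Convert newline-delimited findings into annotation commands; skip non-JSON lines."""
    out = []
    for raw in json_lines.splitlines():
        try:
            finding = json.loads(raw)
        except json.JSONDecodeError:
            continue  # trufflehog interleaves plain log lines with JSON findings
        if only_verified and not finding.get("Verified"):
            continue  # mirrors --filter-unverified
        ann = finding_to_annotation(finding)
        if ann:
            out.append(ann)
    return out

if __name__ == "__main__":
    for ann in annotations(SAMPLE_FINDINGS):
        print(ann)  # each line becomes an annotation when emitted inside a job step
```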
Noman-Aziz commented 3 months ago

Hey, I found out that the results are present in the Summary section of the GitHub Actions run.


eric-freewill commented 3 months ago

Wow, I must have skipped the summary page and gone directly to the job run. Thanks for pointing this out! This can be resolved.

noel-cashrewards commented 3 months ago

I don't see any annotations on mine, even though the logs show that it has detected a secret. Maybe some permissions are missing?