[CI] Trufflehog scan is no longer needed in CI
We have the same coverage with GitHub Advanced Security.
Sam Xiao committed Mar 7, 2024
1 parent f20ccf9 commit 3712eb5
Showing 2 changed files with 0 additions and 58 deletions.
57 changes: 0 additions & 57 deletions .circleci/config.yml
@@ -1,62 +1,6 @@
version: 2.1

commands:
cmd-trufflehog-scan:
parameters:
disable_entropy:
default: true
description: Should we disable truffleHog's entropy detection?
type: boolean
max_history:
default: "1"
description: How far back to scan in git revisions
type: string
regexp_rules:
default: ""
description: Override default regexp rules with this file.
type: string
allowlist_file:
default: ".circleci/trufflehog_config/allowlist.json"
description: Add items to this file to allow you to override specific findings.
type: string
repo_path:
default: .
description: Scan alternate local or remote repo
type: string
current_branch:
default: ${CIRCLE_BRANCH}
description: Git branch to use
type: string
steps:
- run:
command: >
trufflehog --regex --json \
--branch << parameters.current_branch >> \
<<# parameters.allowlist_file >> --allow << parameters.allowlist_file >> <</ parameters.allowlist_file >> \
<<# parameters.max_history >> --max_depth=<< parameters.max_history >> <</ parameters.max_history>> \
<<# parameters.disable_entropy >> --entropy=False <</ parameters.disable_entropy >> \
<<# parameters.regexp_rules >> --rules=<< parameters.regexp_rules >> <</ parameters.regexp_rules >> \
<< parameters.repo_path >> \
| jq '{"reason":.reason,"path": .path}'
name: Scan using truffleHog

jobs:
run-trufflehog-scan:
docker:
- image: cimg/python:3.11
parameters:
current_branch:
default: ${CIRCLE_BRANCH}
description: Git branch to use
type: string
steps:
- checkout
- run:
name: Install truffleHog
command: pip install truffleHog
- cmd-trufflehog-scan:
current_branch: << parameters.current_branch >>

run-sanity-check:
docker:
- image: docker.mirror.hashicorp.services/hashicorp/terraform:light
@@ -74,5 +18,4 @@ workflows:

validate:
jobs:
- run-trufflehog-scan
- run-sanity-check
1 change: 0 additions & 1 deletion .circleci/trufflehog_config/allowlist.json

This file was deleted.
