From 3712eb5d7d3593bda6ba0cc0277d3bd0763eed52 Mon Sep 17 00:00:00 2001
From: Sam Xiao
Date: Thu, 7 Mar 2024 13:19:20 -0800
Subject: [PATCH] [CI] Trufflehog scan is no longer needed in CI

We have the same coverage with github advanced security.
---
 .circleci/config.yml | 57 ----------------------
 .circleci/trufflehog_config/allowlist.json | 1 -
 2 files changed, 58 deletions(-)
 delete mode 100644 .circleci/trufflehog_config/allowlist.json

diff --git a/.circleci/config.yml b/.circleci/config.yml
index f9c72e7..f7946b7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,62 +1,6 @@
 version: 2.1
-commands:
- cmd-trufflehog-scan:
- parameters:
- disable_entropy:
- default: true
- description: Should we disable truffleHog's entropy detection?
- type: boolean
- max_history:
- default: "1"
- description: How far back to scan in git revisions
- type: string
- regexp_rules:
- default: ""
- description: Override default regexp rules with this file.
- type: string
- allowlist_file:
- default: ".circleci/trufflehog_config/allowlist.json"
- description: Add items to this file to allow you to override specific findings.
- type: string
- repo_path:
- default: .
- description: Scan alternate local or remote repo
- type: string
- current_branch:
- default: ${CIRCLE_BRANCH}
- description: Git branch to use
- type: string
- steps:
- - run:
- command: >
- trufflehog --regex --json \
- --branch << parameters.current_branch >> \
- <<# parameters.allowlist_file >> --allow << parameters.allowlist_file >> <> \
- <<# parameters.max_history >> --max_depth=<< parameters.max_history >> <> \
- <<# parameters.disable_entropy >> --entropy=False <> \
- <<# parameters.regexp_rules >> --rules=<< parameters.regexp_rules >> <> \
- << parameters.repo_path >> \
- | jq '{"reason":.reason,"path": .path}'
- name: Scan using truffleHog
-
 jobs:
- run-trufflehog-scan:
- docker:
- - image: cimg/python:3.11
- parameters:
- current_branch:
- default: ${CIRCLE_BRANCH}
- description: Git branch to use
- type: string
- steps:
- - checkout
- - run:
- name: Install truffleHog
- command: pip install truffleHog
- cmd-trufflehog-scan:
- current_branch: << parameters.current_branch >>
 run-sanity-check:
 docker:
 - image: docker.mirror.hashicorp.services/hashicorp/terraform:light
@@ -74,5 +18,4 @@
 workflows:
 validate:
 jobs:
- - run-trufflehog-scan
 - run-sanity-check
\ No newline at end of file
diff --git a/.circleci/trufflehog_config/allowlist.json b/.circleci/trufflehog_config/allowlist.json
deleted file mode 100644
index 9e26dfe..0000000
--- a/.circleci/trufflehog_config/allowlist.json
+++ /dev/null
@@ -1 +0,0 @@
-{}
\ No newline at end of file