1+ name : Secrets Scan
2+ on :
3+ pull_request :
4+ types : [opened, synchronize, reopened]
5+ jobs :
6+ security-secrets :
7+ runs-on : ubuntu-latest
8+ if : ${{ github.base_ref == 'main' || github.base_ref == 'master' }}
9+ steps :
10+ - uses : actions/checkout@v2
11+ with :
12+ fetch-depth : 0
13+
14+ - name : Install Expect, jq and Python
15+ run : sudo apt-get update --fix-missing && sudo apt-get install -y expect jq python3 python3-pip wkhtmltopdf
16+
17+ - name : Install Python packages
18+ run : pip install pandas json2html tabulate
19+
20+ - name : Install Talisman
21+ run : |
22+ curl --silent https://raw.githubusercontent.com/thoughtworks/talisman/v1.32.0/install.sh > install.bash
23+ chmod +x install.bash
24+ ./install.bash
25+
26+ name : Run Talisman
27+ id : run_talisman
28+ run : /usr/local/bin/talisman --scan
29+ continue-on-error : true
30+
31+ - name : Convert JSON to HTML
32+ run : |
33+ python3 -c "
34+ import json
35+ import os
36+ from json2html import *
37+ with open('talisman_report/talisman_reports/data/report.json') as f:
38+ data = json.load(f)
39+ html = json2html.convert(json = data)
40+ os.makedirs('talisman_html_report', exist_ok=True)
41+ with open('talisman_html_report/report.html', 'w') as f:
42+ f.write(html)
43+ " && wkhtmltopdf talisman_html_report/report.html talisman_report.pdf
44+
45+ name : Upload Report
46+ id : upload_report
47+ uses : actions/upload-artifact@v4
48+ with :
49+ name : talisman-report-pdf
50+ path : talisman_report.pdf
51+
52+ - name : Check the status of talisman scan
53+ run : |
54+ # if [[ ${{ steps.run_talisman.outcome }} == "success" ]]; then exit 0; else echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}" && exit 1; fi
55+ echo "Download the Talisman scan report from Artifact: ${{ steps.upload_report.outputs.artifact-url }}";
0 commit comments