Merge pull request #38 from grafana/trufflehog-pre-commit

Create trufflehog precommit

Author: KristianGrafana

.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/grafana/security-github-actions
+    rev: main
+    hooks:
+      - id: trufflehog

.pre-commit-hooks.yaml

@@ -0,0 +1,8 @@
+- id: trufflehog
+  name: TruffleHog
+  language: script
+  entry: pre-commit/trufflehog.sh
+  stages:
+    - pre-commit
+    - pre-push
+  types: [text]

pre-commit/trufflehog.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# vim: ai:ts=8:sw=8:noet
+set -euo pipefail
+
+# renovate: datasource=docker depName=trufflesecurity/trufflehog
+TRUFFLEHOG_DEFAULT_VERSION="3.88.29@sha256:6375b4dd7d045656bf78f52ac5a6e992eff344da9def96f0953cda26f791ffb7"
+TRUFFLEHOG_VERSION="${TRUFFLEHOG_VERSION:-${TRUFFLEHOG_DEFAULT_VERSION}}"
+
+docker \
+    run \
+    --volume "$(pwd):/workdir" \
+    --interactive \
+    --rm \
+    "trufflesecurity/trufflehog:$TRUFFLEHOG_VERSION" \
+    git \
+    file:///workdir \
+    --since-commit HEAD \
+    --results=verified,unknown \
+    --log-level=-1 \
+    --fail