Use this action to scan Amazon Simple Storage Service (S3) buckets with TruffleHog, an open-source secret scanner, to detect credentials, keys, and other sensitive information exposed in bucket objects.
This action requires prior authentication to Amazon Web Services (AWS), so you must invoke the AWS credentials configuration action before invoking the TruffleHog S3 scan action. For more information, refer to the AWS credentials configuration action. The scan only reads objects, so the credentials you supply should be scoped to read-only access on the target bucket (`s3:ListBucket` and `s3:GetObject`) rather than broad account-wide permissions.
Input name | Data type | Required | Description |
---|---|---|---|
`bucket-name` | string | Yes | Name of the S3 bucket to scan. |
`threshold-very-high` | integer | No | Threshold count for very high severity findings; the build is broken when more than this number are identified. |
In your YAML file, add:

```yaml
- name: Configure AWS credentials
  uses: cloudbees-io/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-2
- name: Run TruffleHog S3 scan
  uses: cloudbees-io/trufflehog-secret-scan-s3@v1
  with:
    bucket-name: "test-bucket"
```
In the following example, if more than three very high severity findings are identified, the build is broken.

```yaml
- name: Run TruffleHog S3 scan with threshold
  uses: cloudbees-io/trufflehog-secret-scan-s3@v1
  with:
    bucket-name: "test-bucket"
    threshold-very-high: 3
```
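To make the threshold behaviour concrete outside the workflow, the following added example (not the action's own code, and not from the CloudBees or TruffleHog projects) runs the same gate over TruffleHog's JSON-lines output. It assumes the action wraps the `trufflehog s3 --bucket=... --json` CLI invocation, and it treats TruffleHog's verified findings as the class being thresholded; that mapping to "very high" is an assumption for this example, since the page does not state how the action assigns severity. The sample scan output is constructed for offline use and is not real data.

```shell
#!/bin/sh
# Illustrative threshold gate over TruffleHog JSON output (example code, not the
# cloudbees-io/trufflehog-secret-scan-s3 action's implementation).

# The CLI call the action is assumed to wrap. Needs AWS credentials in the
# environment (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION) with
# read-only access to the bucket. Not executed in this offline example.
scan_bucket() {
  trufflehog s3 --bucket="$1" --json
}

# TruffleHog emits one JSON object per finding. Count every finding.
count_findings() {
  grep -c '"DetectorName"' "$1" || true
}

# Count only findings TruffleHog verified against the provider
# ("Verified":true). Assumption for this example: these are the
# "very high severity" findings the threshold applies to.
count_verified() {
  grep -c '"Verified":true' "$1" || true
}

# gate THRESHOLD RESULTS_FILE
# Returns 1 (breaks the build) when verified findings exceed THRESHOLD,
# matching the "more than N" semantics described for threshold-very-high.
gate() {
  threshold="$1"
  file="$2"
  n=$(count_verified "$file")
  if [ "$n" -gt "$threshold" ]; then
    echo "FAIL: $n verified secrets exceed threshold $threshold" >&2
    return 1
  fi
  echo "OK: $n verified secrets (threshold $threshold)"
  return 0
}

# Constructed sample of TruffleHog JSON-lines output for "test-bucket".
# Secrets are already redacted; this is not real scan data.
write_sample() {
  cat > "$1" <<'EOF'
{"SourceMetadata":{"Data":{"S3":{"bucket":"test-bucket","file":"config/app.env"}}},"DetectorName":"AWS","Verified":true,"Redacted":"AKIA****************"}
{"SourceMetadata":{"Data":{"S3":{"bucket":"test-bucket","file":"backup/db.sql"}}},"DetectorName":"Slack","Verified":false,"Redacted":"xoxb-****"}
{"SourceMetadata":{"Data":{"S3":{"bucket":"test-bucket","file":"ci/deploy.sh"}}},"DetectorName":"Github","Verified":true,"Redacted":"ghp_****"}
{"SourceMetadata":{"Data":{"S3":{"bucket":"test-bucket","file":"notes.txt"}}},"DetectorName":"AWS","Verified":true,"Redacted":"AKIA****************"}
EOF
}

# Usage against a real bucket (not run here):
#   scan_bucket test-bucket > results.jsonl && gate 3 results.jsonl
```

With the constructed sample, `gate 3` passes (three verified findings do not exceed three) and `gate 2` fails, which is the same boundary the `threshold-very-high: 3` step enforces. Note that unverified findings still appear in the output and are worth reviewing even when the gate passes; they are simply not counted by this example.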
This code is made available under the MIT license.

- Learn more about using actions in CloudBees workflows.
- Learn about the CloudBees platform.