File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 2828jobs :
2929
3030 security :
31- name : Security Validation
31+ name : Security Validation (Hardened)
3232 runs-on : ubuntu-latest
3333
3434 steps :
3535 - uses : actions/checkout@v4
3636
37- - name : Secret Scan
37+ - name : Install security tools
3838 run : |
39- echo "Scanning repo..."
40- ! grep -R "PASSWORD\|TOKEN\|SECRET" -n . || exit 1
39+ sudo apt-get update
40+ sudo apt-get install -y curl git
41+
42+ # Enterprise-grade secret scanner
43+ - name : Run Gitleaks Scan
44+ uses : gitleaks/gitleaks-action@v2
45+ env :
46+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
47+
48+ # Backup static scan (non-fatal keyword filter)
49+ - name : Fallback Pattern Scan
50+ run : |
51+ echo "Running fallback scan..."
52+
53+ # Only fail on REAL secrets, not keywords in config
54+ if grep -RInE "AKIA[0-9A-Z]{16}|AIza[0-9A-Za-z\-]{35}|-----BEGIN (RSA|OPENSSH) PRIVATE KEY-----" .; then
55+ echo "Hard secret detected"
56+ exit 1
57+ fi
4158
4259 - name : File Integrity Check
4360 run : |
You can’t perform that action at this time.
0 commit comments