Secret Scanning
The secret-scanning workflow is designed to identify sensitive information such as API keys, passwords, and other secrets within your codebase. By integrating secret scanning into your CI/CD pipeline, developers can proactively prevent the accidental exposure of confidential data, enhancing the overall security posture of the application.
The secret-scanning accept a following inputs:
| Name | Description | Required | Default Value |
|---|---|---|---|
api_url | The DevGuard API URL | No | https://api.main.devguard.org |
asset_name | Name of the asset to scan | Yes | |
token | API token for authenticating with DevGuard | Yes | |
scan_stage | The stage where the scan is run | No | test |
runner_tags | The runner tags used to select appropriate CI runners. | No | "" |
Usage Example: Here’s an example of how to call this component:
include:
- remote: "https://gitlab.com/l3montree/devguard/-/raw/main/templates/secret-scanning.yml"
inputs:
asset_name: "myOrgnaization/projects/myProject/assets/myAsset"
token: "$DEVGUARD_TOKEN"