This GitHub action scans artifacts for secrets using gitleaks before uploading them. The upload functionality is performed using the @actions/artifact package, which is also used by the upload-artifact GitHub action. The purpose of this action is to ensure that no secrets are included in the uploaded artifacts.
- Compatible with upload-artifact v4
- Alerts users if any secrets are detected
- Prevents uploading artifacts if secrets are found
- Wraps the upload-artifact GitHub action for seamless integration
To use the action, add it to your GitHub Actions workflow file:

```yaml
- uses: PaloAltoNetworks/upload-secure-artifact@main
  with:
    name: python-build
    path: /output
```
Note: Pin your actions for a safer world.
- Original upload-artifact inputs can be found here
- scan-only-runner-token (Optional)
  - Description: If true, skip the gitleaks secrets scanning and only perform scanning for the runner token (GITHUB_TOKEN) in the local .git folder.
  - Default: false
- artifact-id, artifact-url: supplied by the upload-artifact action
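
The runner-token check that `scan-only-runner-token` describes can be pictured as a pre-upload gate over the artifact path. The script below is an added example, not this action's own code: it assumes the token was persisted by a checkout step as an `extraheader = AUTHORIZATION: ...` entry in a `.git` config file, and the function names and the `ARTIFACT_PATH` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the action's implementation.
# Assumption: the runner token was persisted by a checkout step as an
# "extraheader = AUTHORIZATION: basic <value>" entry in a .git config file.

# Header line to look for; the value is matched but never printed.
CRED_PATTERN='^[[:space:]]*extraheader[[:space:]]*=[[:space:]]*authorization:[[:space:]]*(basic|bearer)[[:space:]]+[^[:space:]]+'

# list_git_configs_with_credentials DIR
# Prints the path of every repository or submodule config under DIR that
# holds a persisted auth header (grep -l prints file names only).
list_git_configs_with_credentials() {
  find "$1" -type f \
    \( -path '*/.git/config' -o -path '*/.git/modules/*/config' \) \
    -exec grep -Eil "$CRED_PATTERN" {} + 2>/dev/null || true
}

# artifact_is_safe_to_upload DIR
# Returns 0 when no persisted credential is found, 1 otherwise.
artifact_is_safe_to_upload() {
  hits=$(list_git_configs_with_credentials "$1")
  if [ -n "$hits" ]; then
    printf 'refusing upload, persisted credential in:\n%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# Stand-alone use (ARTIFACT_PATH is a hypothetical variable):
#   ARTIFACT_PATH=/output sh check.sh
if [ -n "${ARTIFACT_PATH:-}" ]; then
  artifact_is_safe_to_upload "$ARTIFACT_PATH" || exit 1
fi
```

A non-zero exit from this step stops the job before any upload step runs, and only file paths are written to the log, never the header value.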
Contributions are welcome! Please open an issue or submit a pull request if you have any improvements or suggestions.
For any questions or support, please open an issue on the GitHub repository.