From 808a698ed47c44655469b2982d4ea65d82fd6c39 Mon Sep 17 00:00:00 2001
From: Jeffrey Hung <17494876+Jeffreyhung@users.noreply.github.com>
Date: Wed, 17 Jul 2024 14:31:46 -0700
Subject: [PATCH] Update secret-scan.yml (#137)
---
 .github/workflows/secret-scan.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
index 55e080d..4bbfbcd 100644
--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -20,14 +20,17 @@ jobs:
 - name: Install Cosign
 uses: sigstore/cosign-installer@v3.5.0
- - name: Get latest TruffleHog release
+ - name: Pin Trufflehog to a know good release
 id: trufflehog_release
 shell: bash
+ # run: |
+ # LATEST_TAG_NAME=$(curl -s https://api.github.com/repos/trufflesecurity/trufflehog/releases/latest | jq -r .name)
+ # LATEST_RELEASE=$(echo ${LATEST_TAG_NAME:1})
+ # echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
+ # echo "latest_release=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
 run: |
- LATEST_TAG_NAME=$(curl -s https://api.github.com/repos/trufflesecurity/trufflehog/releases/latest | jq -r .name)
- LATEST_RELEASE=$(echo ${LATEST_TAG_NAME:1})
- echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
- echo "latest_release=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
+ echo "latest_tag_name=v3.79.0" >> "$GITHUB_OUTPUT"
+ echo "latest_release=3.79.0" >> "$GITHUB_OUTPUT"
 - name: Download and verify TruffleHog release
 run: |
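Review bot: The pinned step keeps the old fetch logic as five commented-out lines and records no reason for the pin, so a later reader cannot tell which release caused the problem or when it is safe to move forward. I would delete the commented block and replace it with a single comment such as `# Pinned to v3.79.0 because <reason / issue link>; bump only after verifying the new release`, and correct the step name to `Pin TruffleHog to a known good release`. The tag and the bare version are written separately and can drift apart on a future bump; setting `TAG=v3.79.0` once and emitting `echo "latest_release=${TAG#v}" >> "$GITHUB_OUTPUT"` avoids that. The outputs are still called `latest_tag_name` and `latest_release`, so the download-and-verify step (which starts at the end of this hunk and continues outside it) will quietly stay on this scanner version; a Renovate or Dependabot rule, or a dated TODO, would keep the pin from going stale and missing newer detectors.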