diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml new file mode 100644 index 0000000..049c02f --- /dev/null +++ b/.github/workflows/secrets-scan.yml @@ -0,0 +1,29 @@ +name: Secrets Scan +on: + pull_request: + types: [opened, synchronize, reopened] +jobs: + security-secrets: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: '2' + ref: '${{ github.event.pull_request.head.ref }}' + - run: | + git reset --soft HEAD~1 + - name: Install Talisman + run: | + # Download Talisman + wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman + + # Checksum verification + checksum=$(sha256sum ./talisman | awk '{print $1}') + if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi + + # Make it executable + chmod +x talisman + - name: Run talisman + run: | + # Run Talisman with the pre-commit hook + ./talisman --githook pre-commit \ No newline at end of file diff --git a/.talismanrc b/.talismanrc index 2fd7ede..58aaa15 100644 --- a/.talismanrc +++ b/.talismanrc @@ -1,17 +1,28 @@ fileignoreconfig: +- filename: .github/workflows/secrets-scan.yml + ignore_detectors: + - filecontent - filename: Contentstack.Core/Internals/HttpRequestHandler.cs checksum: 93c1659f3bc7527956f0fd12db46441297fac3a4366d273bcbb3425d2351300e - filename: Contentstack.Core/Models/Entry.cs - checksum: 79320b005882981fd7c79fe73832f28284db686927942e46b422ac9e88405023 + checksum: a6226f755dde69be62c21737ca75569ba6ea7cb4b7a125dc460c047dbe741b9e - filename: Contentstack.Core/ContentstackClient.cs - checksum: 1cb7c9bd62881ae71406449c948b1e85aa865d0c7191013f77f9b9a60df700d9 + checksum: 761a5d65bfa12d16641aa66e5431b2eb52b0909eff904dca5c2f607ee439cba0 - filename: Contentstack.Core/Models/AssetLibrary.cs - checksum: 023aed649cf09228d753a4dec2b3a9f126aad474f538ca0e21d03ee07e9f6129 + checksum: 92ff3feaf730b57c50bb8429f08dd4cddedb42cd89f2507e9746f8237b65fb11 - filename: Contentstack.Core/Models/Asset.cs - checksum: 98b819cb9b1e6a9a9e5394ac23c07bc642a41c0c7512d169afc63afe3baa6fb3 + checksum: d192718723e6cb2aa8f08f873d3a7ea7268c89cc15da3bdeea4c16fd304c410e - filename: Contentstack.Core/Models/Query.cs - checksum: eaf047e4ff77d92b5114f190e17fcc1e605bf8536e0406418d7ac1d0357d5110 + checksum: fb9b5e4014f937d66b9028b35ea53d750e4d2659daaa48a2941c02f37429725f - filename: Contentstack.Core/Models/Taxonomy.cs - checksum: db8bcefdc7aafde4286e7fb6d67348bec49f1ac27b54d84fddca8124135bd779 + checksum: 751a725d94eff7d845bb22a5ce80a5529bb62971373de39288149fff3d024930 - filename: .github/workflows/nuget-publish.yml - checksum: 53ba4ce874c4d2362ad00deb23f5a6ec219318860352f997b945e9161a580651 \ No newline at end of file + checksum: 53ba4ce874c4d2362ad00deb23f5a6ec219318860352f997b945e9161a580651 +- filename: Contentstack.Core/Models/ContentType.cs + checksum: 53e3b8330183445d100b32c545073f281b869ee238514c7ab8c9a4500a140166 +- filename: Contentstack.Core.Tests/ContentTypeTest.cs + checksum: a2549638af21492d5a299dce35a2994ec4721b211af6956b955602d7065c47dc +- filename: Contentstack.Core/Models/GlobalFieldQuery.cs + checksum: 16fb3c5fb4de2b686f338b0666c7c86c3d37f2a276f85698a59a1ac1a02d359d +- filename: Contentstack.Core/Models/GlobalField.cs + checksum: 49cc6ec8b55408a3e71ba19551dbe01709ec70bc673fae21c280a1f74968e395 \ No newline at end of file