feat(ci): add trufflehog secrets detection #286

McPatate · 2024-06-10T08:17:01Z

What does this PR do?

Adding a GH action to scan for leaked secrets on each commit.

Context

trufflehog will scan the commit that triggered the CI for any token leak. trufflehog works with a large number of what they call "detectors", each of which will read the text from the commit to see if there is match for a token. For example, the hugging face detector will check for hf tokens and then query our /api/whoami{-v2} endpoint to check if the token is valid. If it detects a valid token, the CI will fail, informing you that you need to rotate the token given it leaked.

References

feat(ci): add trufflehog secrets detection

7dbd86d

McPatate requested a review from OlivierDehaene June 10, 2024 08:17

fix(ci): remove unnecessary permissions

9adc150

OlivierDehaene merged commit afd09c0 into main Jun 17, 2024
2 checks passed

OlivierDehaene deleted the feat/add_trufflehog_ci branch June 17, 2024 10:19

MasakiMu319 pushed a commit to MasakiMu319/text-embeddings-inference that referenced this pull request Nov 27, 2024

feat(ci): add trufflehog secrets detection (huggingface#286)

d745788

aagnone3 pushed a commit to StratisLLC/hf-text-embeddings-inference that referenced this pull request Dec 11, 2024

feat(ci): add trufflehog secrets detection (huggingface#286)

ac8c2da

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(ci): add trufflehog secrets detection #286

feat(ci): add trufflehog secrets detection #286

Uh oh!

McPatate commented Jun 10, 2024

Uh oh!

Uh oh!

Uh oh!

feat(ci): add trufflehog secrets detection #286

feat(ci): add trufflehog secrets detection #286

Uh oh!

Conversation

McPatate commented Jun 10, 2024

What does this PR do?

Context

References

Uh oh!

Uh oh!

Uh oh!