Skip to content

ci: make gitleaks scan repository contents #2

ci: make gitleaks scan repository contents

ci: make gitleaks scan repository contents #2

Workflow file for this run

name: Security
on:
pull_request:
push:
branches: [master, main]
schedule:
- cron: "17 3 * * 1"
permissions:
contents: read
security-events: write
jobs:
secret-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run gitleaks filesystem scan
uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_ENABLE_COMMENTS: false
with:
args: detect --source . --no-git --redact -v --exit-code=2
dependency-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v5
- uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Audit Python dependencies
run: uvx pip-audit