From 39dc802d4d59adf256570e1106f78b0881d1f76a Mon Sep 17 00:00:00 2001 From: Rohan Krishnamurthy Date: Thu, 27 Jun 2024 14:24:10 +0200 Subject: [PATCH] Update trg-8-03.md --- docs/release/trg-8/trg-8-03.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/release/trg-8/trg-8-03.md b/docs/release/trg-8/trg-8-03.md index aed7e44dcc9..e3319d3638c 100644 --- a/docs/release/trg-8/trg-8-03.md +++ b/docs/release/trg-8/trg-8-03.md 
@@ -19,14 +19,14 @@ Detecting and removing these secrets is crucial for maintaining the security of Configure your GitHub Actions to include: - `workflow dispatch`: Manual workflow execution. -- `schedule`: Schedule the workflow to run at least once a week with 0 0 * * 0. +- `schedule`: Schedule the workflow to run at least once a week with `0 0 * * 0`. - `push` and `pull_request`: Activate the workflow on both push and pull request events targeting the branch that contains the code for the currently supported version, which may not necessarily be the main branch. This is the branch from which new releases will be made. -Note: extra_args: --filter-entropy=4 --results=verified,unknown +Note: `extra_args: --filter-entropy=4 --results=verified,unknown` -Including extra_args: --filter-entropy=4 --results=verified,unknown in the GitHub Actions workflow ensures that TruffleHog focuses on detecting high-entropy strings, which are more likely to be sensitive information such as passwords or API keys. This setup also instructs TruffleHog to report both verified secrets and potential but unverified secrets, providing a comprehensive security scan that helps identify and address all possible vulnerabilities in the code. +Including `extra_args: --filter-entropy=4 --results=verified,unknown` in the GitHub Actions workflow ensures that TruffleHog focuses on detecting high-entropy strings, which are more likely to be sensitive information such as passwords or API keys. This setup also instructs TruffleHog to report both verified secrets and potential but unverified secrets, providing a comprehensive security scan that helps identify and address all possible vulnerabilities in the code. -Including run: exit 1 in a step of a GitHub Actions workflow, as demonstrated below, commands the workflow to halt execution. This ensures that should TruffleHog uncover any secrets during its scan, the workflow promptly terminates in failure. 
+Including `run: exit 1` in a step of a GitHub Actions workflow, as demonstrated below, commands the workflow to halt execution. This ensures that should TruffleHog uncover any secrets during its scan, the workflow promptly terminates in failure. GitHub Actions allows you to define workflows to automatically run TruffleHog scans on your code. You'll see the output that triggered the failure directly in the logs.
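Review bot: The first bullet of the trigger list still reads `workflow dispatch`, but the GitHub Actions event key is `workflow_dispatch`. A reader who copies the backticked name into an `on:` block will not get a manual trigger. Since this patch is already correcting code formatting in that list (the cron expression `0 0 * * 0`), fix the event name in the same change. Two smaller points in the same hunk: the standalone "Note: `extra_args: --filter-entropy=4 --results=verified,unknown`" line only repeats what the next paragraph explains and could be folded into it. That paragraph's closing claim that the scan helps "identify and address all possible vulnerabilities in the code" overstates what a secret scanner covers. Consider wording it as finding verified and unverified secrets in the scanned code.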