mirror of
https://github.com/we-promise/sure.git
synced 2026-04-07 14:31:25 +00:00
0b1ed2e72a
Use `# pipelock:ignore Credential in URL` on the specific false positive line instead of excluding all of client.rb from scanning. The rest of the file is now scanned normally.
27 lines
523 B
YAML
27 lines
523 B
YAML
name: Pipelock Security Scan
|
|
|
|
on:
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
security-scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Pipelock Scan
|
|
uses: luckyPipewrench/pipelock@v1
|
|
with:
|
|
scan-diff: 'true'
|
|
fail-on-findings: 'true'
|
|
test-vectors: 'false'
|
|
exclude-paths: |
|
|
config/locales/views/reports/
|