Expand file tree Collapse file tree 2 files changed +1
-14
lines changed Original file line number Diff line number Diff line change @@ -51,10 +51,6 @@ inputs:
5151 target :
5252 description : " Set the target build stage to build"
5353 required : false
54- fail-on-secrets-found :
55- description : " Fail the build if secrets are found in the image."
56- required : false
57- default : true
5854 snyk-enabled :
5955 description : " Enable Snyk scan step. Set to true to run Snyk scan."
6056 required : false
@@ -147,8 +143,6 @@ runs:
147143
148144 - name : Scan docker image with TruffleHog
149145 id : scan-docker-image
150- env :
151- FAIL_ON_SECRETS_FOUND : ${{ inputs.fail-on-secrets-found }}
152146 shell : bash
153147 run : |
154148 python $GITHUB_ACTION_PATH/docker-image-scanner.py --image ${{ runner.temp }}/local-docker-image.tar
Original file line number Diff line number Diff line change 77
88from typing import List , Dict
99
10- FAIL_ON_SECRETS_FOUND = os .getenv ("FAIL_ON_SECRETS_FOUND" , "false" ).lower () == "true"
11-
1210
1311def format_image_path (image_path : str ) -> str :
1412 """Format the image path to use file:/// prefix with absolute path."""
@@ -113,15 +111,10 @@ def main():
113111 print (
114112 f"Found unverified secret { redacted_secret } in file={ file } layer={ layer } "
115113 )
116-
117- # If secrets are found and FAIL_ON_SECRETS_FOUND is true, exit with error
118- print ("Secrets found in the image! 🚨" )
119- sys .exit (1 if FAIL_ON_SECRETS_FOUND else 0 )
114+ sys .exit (1 )
120115 else :
121- print ("No secrets found in the image! 🚀" )
122116 sys .exit (0 )
123117
124118
125119if __name__ == "__main__" :
126- print (f"Should fail on secrets found? { FAIL_ON_SECRETS_FOUND } " )
127120 main ()
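Review bot: The new `sys.exit(1)` at line 114 ends the step with no closing message, and the `else` branch now exits 0 without printing anything, so a quiet log no longer distinguishes "scanned, nothing found" from a scan that returned no results for some other reason. I would keep one summary line on each path, for example `sys.exit("Secrets found in the image")` (prints to stderr and exits 1) and `print("No secrets found in the image")` before `sys.exit(0)`. The visible `print` reports unverified findings, so with the opt-out gone it looks as if an unverified match now fails every build; if that is intended, a comment such as `# Fail closed: any finding, verified or not, blocks the build` would record the decision. `main()` starts outside this hunk, so how findings are collected and whether `os` is still used after the `os.getenv` removal cannot be confirmed from here.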