confluence.yml

name: "Confluence Secret Scan"

on:
  schedule:
    - cron: '0 13 * * 1'
  workflow_dispatch:

jobs:
  secret_scanning:
    permissions: write-all
    runs-on: [ubuntu-latest]
    steps:
      - name: Scan Confluence with n0s1-action
        uses: spark1security/n0s1-action@main
        env:
          JIRA_TOKEN: ${{ secrets.JIRA_TOKEN }}
        with:
          scan-target: 'confluence_scan'
          user-email: 'spark1tester@gmail.com'
          platform-url: 'https://spark1us.atlassian.net'
          report-format: "sarif"
          report-file: "confluence_secret_report.sarif"
      - name: Create JIRA tickets for n0s1 findings
        uses: GeorgeDavis-Ibexlabs/publish-sarif-to-jira@v0.0.13
        with:
          jira_cloud_url: "https://spark1us.atlassian.net"
          jira_auth_email: "spark1tester@gmail.com"
          jira_project_key: "DLP"
          jira_api_token: ${{ secrets.JIRA_TOKEN }}
          jira_default_issue_labels: "n0s1,credential-leak"
      - name: Display SARIF result
        run: |
          cat confluence_secret_report.sarif | jq | head -n 20
          cat confluence_secret_report.sarif | jq | tail -n 20
      - name: Upload scan report to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "confluence_secret_report.sarif"