fix: trufflehog --only-verified (#286)

Recently multiple false positives reported for trufflehog v3: https://splunk.slack.com/archives/CRTNPEZ4M/p1717405810934429 Let's add --only-verified flag to callout to avoid multiple fp for now. Final solution need to be established/reviewed with prodsec. More info on secrets verification in trufflehog: https://trufflesecurity.com/blog/how-trufflehog-verifies-secrets Tests: https://github.com/splunk/splunk-add-on-for-microsoft-office-365/actions/runs/9399856169
splunk · Jun 10, 2024 · 0e9c5ba · 0e9c5ba
1 parent 2833a37
commit 0e9c5ba
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
@@ -267,7 +267,7 @@ jobs:
       - name: Secret Scanning Trufflehog
         uses: trufflesecurity/[email protected]
         with:
-          extra_args: -x .github/workflows/exclude-patterns.txt --json
+          extra_args: -x .github/workflows/exclude-patterns.txt --json --only-verified
           version: 3.77.0
 
   semgrep: