notebooks
notebooks copied to clipboard
Published
20 hours ago •
huggingface
huggingface
feat(ci): add trufflehog secrets detection
trafficstars
What does this PR do?
Adding a GH action to scan for leaked secrets on each commit.
Context
trufflehog will scan the commit that triggered the CI for any token leak. trufflehog works with a large number of what they call "detectors", each of which will read the text from the commit to see if there is match for a token. For example, the hugging face detector will check for hf tokens and then query our /api/whoami{-v2} endpoint to check if the token is valid. If it detects a valid token, the CI will fail, informing you that you need to rotate the token given it leaked.
References
- https://github.com/trufflesecurity/trufflehog
- https://github.com/marketplace/actions/trufflehog-oss
