
Show file path on findings in GitHub Action

Open eric-price opened this issue 1 year ago • 4 comments

Description

It would be nice to have the GitHub Action workflow show the file and possibly the line number on each finding like the CLI tool does. The engineers who see the findings don't know where to look without running the scan locally again to get the file path and line number.

Preferred Solution

Would be nice to have an output like this when I run:

trufflehog git file://. --branch develop --filter-unverified --github-actions

Output:

::warning file=src/app/env.yml,line=41,endLine=41::Found verified Postmark result 🐷🔑
::warning file=src/app/env.yml,line=70,endLine=70::Found verified Postmark result 🐷🔑
::warning file=.github/workflows/sonarqube-analysis.yml,line=71,endLine=71::Found unverified SonarCloud result 🐷🔑

Additional Context

Screenshot of output in GitHub Actions:

[Screenshot 2024-07-24 at 9 56 53 AM]

eric-price, Jul 24 '24 17:07
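The output format requested above, as an added example that is not part of the original issue or TruffleHog's own code: it converts `--json` finding lines into `::warning` annotations carrying file and line, escaping values so a file name cannot break out of the annotation. The JSON field names (`SourceMetadata.Data.Git.file`, `line`, `DetectorName`, `Verified`) are assumed to match TruffleHog v3 output, and the sample lines are constructed.

```python
import json

def _esc_data(s):
    # Message escaping: '%', CR and LF could otherwise end or forge a command.
    return s.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

def _esc_prop(s):
    # Property values also escape ':' and ',' (the key=value separators).
    return _esc_data(s).replace(":", "%3A").replace(",", "%2C")

def to_annotation(finding):
    """Build one ::warning command from a finding dict, or None if it has no file."""
    git = finding.get("SourceMetadata", {}).get("Data", {}).get("Git", {})
    path = git.get("file")
    if not path:
        return None
    line = int(git.get("line") or 1)
    state = "verified" if finding.get("Verified") else "unverified"
    detector = str(finding.get("DetectorName", "unknown"))
    # Raw/Redacted secret fields are deliberately never written to the job log.
    msg = f"Found {state} {detector} result"
    return (f"::warning file={_esc_prop(str(path))},line={line},endLine={line}"
            f"::{_esc_data(msg)}")

def annotate(json_lines):
    """Return annotation commands for every parseable finding line."""
    out = []
    for raw in json_lines:
        raw = raw.strip()
        if not raw.startswith("{"):
            continue  # skip banner text mixed into the stream
        try:
            ann = to_annotation(json.loads(raw))
        except (ValueError, TypeError, AttributeError):
            continue  # malformed or unexpected record: ignore, do not crash the job
        if ann:
            out.append(ann)
    return out

# Constructed sample input (assumed field layout); the third line is a log record.
SAMPLE = [
    '{"SourceMetadata":{"Data":{"Git":{"file":"src/app/env.yml","line":41}}},"DetectorName":"Postmark","Verified":true}',
    '{"SourceMetadata":{"Data":{"Git":{"file":"conf/a,line=1::x.yml","line":7}}},"DetectorName":"SonarCloud","Verified":false}',
    '{"level":"info-0","msg":"finished scanning"}',
]

if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE)))
```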

Hey, I found out that the results are present in the Summary section of the GitHub Actions.

[image]

Noman-Aziz, Aug 06 '24 10:08

Wow, I must have skipped the summary page and gone directly to the job run. Thanks for pointing this out! This can be resolved.

eric-freewill, Aug 07 '24 15:08

I don't see any annotations on mine even though the logs show that it has detected a secret. Maybe some permissions are missing?

noel-cashrewards, Aug 13 '24 01:08

Just stumbled over this. I find it very confusing behavior (not having the file / path show up in the logs).

gz, Sep 18 '25 23:09