In GitHub Actions, TruffleHog flags the SHA pin of a Cloudflare action as an unverified Cloudflare secret

Open nishils opened this issue 5 months ago • 1 comments

Please review the Community Note before submitting

TruffleHog Version

latest via the docker registry

Trace Output

Expected Behavior

Do not flag Cloudflare actions that are SHA pinned as issues.

Actual Behavior

Found unverified result 🐷🔑❓
Detector Type: CloudflareApiToken
Decoder Type: PLAIN
Raw result: f84a562284fc78278ff90525d9526f9c718361
Commit: <redacted>
Email: <redacted>
File: .github/workflows/test.yml
Line: 29
Repository: <redacted>
Timestamp: 2024-09-03 23:11:59 +0000

Steps to Reproduce

            - name: Publish
              uses: cloudflare/wrangler-action@f84a562284fc78278ff9052435d9526f9c718361

Have a Cloudflare action like the above and the SHA pin will get flagged as an unverified Cloudflare secret.

Environment

GitHub CI/Docker

Additional Context

References

  • #0000

nishils, Sep 04 '24 17:09
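A triage check for the false positive reported above, added here as an example (it is not TruffleHog's code or the reporter's): an unverified finding is treated as a commit pin only when the reported line is a `uses:` step pinned to a 40-hex SHA and the raw value lies inside that SHA. The function names and the sample workflow are constructed for illustration; only the `uses:` line comes from the report.

```python
import re

# Matches a workflow step such as
#   uses: owner/repo@<40 hex chars>   (optionally followed by a "# v1.2.3" comment)
PINNED_USES = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[\w.-]+/[\w./-]+)"
    r"@(?P<ref>[0-9a-fA-F]{40})['\"]?\s*(?:#.*)?$"
)


def pinned_action_on_line(workflow_text, line_no):
    """Return (action, sha) if 1-based line_no is a SHA-pinned `uses:` step, else None."""
    lines = workflow_text.splitlines()
    if not 1 <= line_no <= len(lines):
        return None
    m = PINNED_USES.match(lines[line_no - 1])
    return (m.group("action"), m.group("ref").lower()) if m else None


def is_sha_pin_false_positive(workflow_text, line_no, raw, verified=False):
    """True only when an unverified finding is fully contained in an action's commit pin."""
    if verified:  # never suppress a result the scanner reported as verified
        return False
    pinned = pinned_action_on_line(workflow_text, line_no)
    if pinned is None or not raw:
        return False
    return raw.lower() in pinned[1]


# Constructed workflow; the `uses:` line is the one from the report above,
# the bearer value on the last line is a made-up placeholder.
SAMPLE_WORKFLOW = """\
jobs:
  deploy:
    steps:
      - name: Publish
        uses: cloudflare/wrangler-action@f84a562284fc78278ff9052435d9526f9c718361
        with:
          apiToken: ${{ secrets.CF_API_TOKEN }}
      - name: Leaky step
        run: curl -H "Authorization: Bearer AAAAbbbbCCCCddddEEEEffff0000111122223333" https://example.invalid
"""
```

Findings on any other line, such as the constructed hard-coded bearer value in the last step, are left for normal review.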