26 lines
662 B
YAML
26 lines
662 B
YAML
name: Secrets Detection
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
branches:
|
|
- master
|
|
- next
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
secrets:
|
|
# The called reusable workflow declares these scopes; a narrower caller
|
|
# grant clamps its token and the secret-scanning check 403s into a warning.
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
issues: write
|
|
security-events: write
|
|
uses: ComposioHQ/.github/.github/workflows/secrets-detection.yml@a6c053d4cb1820a7a85bc7837efe47cc0a559e26 # master (#12: SHA-pinned actions)
|
|
secrets: inherit
|
|
with:
|
|
slack_channel: "buzz-security"
|