Add gitleaks secret scanning to CI #3
Merged
Scans full git history on every PR and push to main via gitleaks-action v2. Action pinned to immutable commit SHA per existing workflow conventions.
M1: Cap HTTP response bodies at 64 KiB and strip control characters before embedding in error messages to prevent log injection and unbounded diagnostics output.

M2: Validate the host provider attribute with url.Parse: require https:// (http:// allowed for localhost only), reject any path or query component. Add explicit TLS MinVersion=1.2 to http.Transport.

M3: Restrict 5xx retries to idempotent methods (GET/HEAD/PUT/DELETE) so non-idempotent POSTs never duplicate on transient server errors. Honor Retry-After header on 429 responses.

M4: Replace tflog.Warn in aws_account Delete with resp.Diagnostics.AddWarning so the deregistration notice is visible in terraform destroy output without requiring TF_LOG=WARN.

M5: Pin tfplugindocs from @latest to @v0.25.0 in the generate CI job to restore supply-chain pinning lost in eafcff5.
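The host validation commit M2 describes, as an added Go example rather than code from this PR or the provider: an absolute URL is required, https:// is mandatory except for localhost, and any path, query or fragment is rejected. The function name and the acceptance of loopback IP literals besides the name "localhost" are assumptions made here.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// ValidateHost applies the rules commit M2 describes to a provider "host"
// attribute: the value must parse as an absolute URL, use https:// (http://
// is allowed only for localhost), and carry no path, query or fragment.
// On success it returns the normalized scheme://host[:port] form.
func ValidateHost(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("host %q is not a valid URL: %w", raw, err)
	}
	// Bare values like "api.example.com" or "api.example.com:443" parse with an empty Host.
	if u.Host == "" {
		return "", fmt.Errorf("host %q must be an absolute URL such as https://api.example.com", raw)
	}
	// Anything after the authority would silently change where every API call
	// is sent, so even a bare trailing "/" is rejected rather than normalized.
	if u.Path != "" || u.RawQuery != "" || u.ForceQuery || u.Fragment != "" {
		return "", fmt.Errorf("host %q must not contain a path, query or fragment", raw)
	}
	switch u.Scheme { // url.Parse already lower-cases the scheme
	case "https":
	case "http":
		if !isLocalhost(u.Hostname()) {
			return "", fmt.Errorf("host %q: http:// is only allowed for localhost", raw)
		}
	default:
		return "", fmt.Errorf("host %q must use https://", raw)
	}
	return u.Scheme + "://" + u.Host, nil
}

// isLocalhost accepts the name "localhost" and, as an assumption beyond the
// commit message, loopback IP literals such as 127.0.0.1 and ::1.
func isLocalhost(hostname string) bool {
	if hostname == "localhost" {
		return true
	}
	ip := net.ParseIP(hostname)
	return ip != nil && ip.IsLoopback()
}
```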
Collaborator: LGTM