chore: add @universe-ops and @Laboratory to CODEOWNERS #320
Workflow file for this run
```yaml
name: Security Scan
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:
permissions:
  contents: read
jobs:
  security:
    uses: simple-container-com/actions/.github/workflows/security-scan.yml@0af5a697f24ea484991660619d0ae42d50343b9d # main
    permissions:
      contents: read
    with:
      # File-specific path excludes for fixtures/examples that intentionally
      # contain placeholder credentials in formats the scanner detects (raw
      # OpenSSH key bodies, GCP service-account JSON examples). Each line is
      # a TruffleHog Go regex, substring-matched against the full path.
      # Source-level placeholder replacements are preferred and have already
      # been applied for ~25 docs/test URIs in this PR.
      secret-scan-extra-excludes: |
        docs/docs/examples/.*/secrets\.yaml
        docs/docs/examples/secrets/.*/README\.md
        docs/docs/guides/parent-gcp-gke-autopilot\.md
        pkg/api/secrets/testdata/repo/
        pkg/provisioner/testdata/
        # Go module-checksum file. TruffleHog's CloudflareApiToken
        # detector pattern-matches against the base64 `h1:` hashes
        # in go.sum (PR #279 flagged a pulumi-cloudflare hash).
        # The hashes are SHA-256 of module contents, not credentials.
        go\.sum
```
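An added example, not part of this workflow or the project's own code: it compiles the exclude lines above as the comment describes them, as unanchored Go regexes matched against the full path, and reports which paths drop out of secret scanning. It assumes blank lines and lines starting with `#` inside the block are ignored; the sample paths are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Exclude lines copied from the workflow's secret-scan-extra-excludes block.
const excludes = `docs/docs/examples/.*/secrets\.yaml
docs/docs/examples/secrets/.*/README\.md
docs/docs/guides/parent-gcp-gke-autopilot\.md
pkg/api/secrets/testdata/repo/
pkg/provisioner/testdata/
# Go module-checksum file.
go\.sum`

// compile builds one regex per line. Assumption: blank lines and lines
// starting with '#' are skipped rather than used as patterns.
func compile(block string) []*regexp.Regexp {
	var out []*regexp.Regexp
	for _, line := range strings.Split(block, "\n") {
		line = strings.TrimSpace(line)
		if line != "" && !strings.HasPrefix(line, "#") {
			out = append(out, regexp.MustCompile(line)) // panics on an invalid pattern
		}
	}
	return out
}

// excludedBy returns the first pattern matching anywhere in path (unanchored,
// so substring semantics), or "" when the path would still be scanned.
func excludedBy(path string, res []*regexp.Regexp) string {
	for _, re := range res {
		if re.MatchString(path) {
			return re.String()
		}
	}
	return ""
}

func main() {
	res := compile(excludes)
	// Constructed sample paths, not taken from the repository.
	for _, p := range []string{"go.sum", "tools/go.sum", "deploy/cargo.summary.env", "pkg/provisioner/aws.go"} {
		fmt.Printf("%-26s excluded by %q\n", p, excludedBy(p, res))
	}
}
```

Because the match is unanchored, `go\.sum` also excludes `deploy/cargo.summary.env`; a pattern such as `(^|/)go\.sum$` would limit the exclude to files actually named `go.sum`.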