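#!/bin/bash
# Copied from CI/CD execution steps: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/blob/master/jobs/find-unauthorized/base.yml
# Modified to run in local dev.
#
# Runs a trufflehog3 secret scan over SCAN_DIR, writes the JSON report and the
# tool version into REPORTS_DIR, then runs the gate-check script on the report
# and records the job outcome through monitorstatus.sh.
#
# Required environment (the script does not default any of these):
#   REPORTS_DIR, UTILITY_DIR, SCRIPTS_DIR, SCAN_DIR, CI_JOB_NAME,
#   TRUFFLEHOG_EXCLUDE_PATHS
#
# Exit status: 1 when the gate check fails, otherwise the status of the last
# monitorstatus.sh call.

# Abort before any destructive step if the directory variables are missing:
# with REPORTS_DIR unset, the cleanup below would expand to `rm -f /*`.
: "${REPORTS_DIR:?REPORTS_DIR must be set}"
: "${UTILITY_DIR:?UTILITY_DIR must be set}"
: "${SCRIPTS_DIR:?SCRIPTS_DIR must be set}"
: "${SCAN_DIR:?SCAN_DIR must be set}"
: "${CI_JOB_NAME:?CI_JOB_NAME must be set}"

mkdir -p -- "${REPORTS_DIR}"
rm -f -- "${REPORTS_DIR:?}"/*

# Record a provisional "fail" status up front; it is replaced by "pass" below
# only if the gate check succeeds.
"${UTILITY_DIR}/monitorstatus.sh" -j "${CI_JOB_NAME}" -s fail -r config -l "Job run in local dev"

REPORT_FILE="${REPORTS_DIR}/trufflehog_report.json"

# enable shell globbing for recursive exclude matching. allows use of '**/*' format
shopt -s globstar
# set -x so we can see the real command being run
set -x
# TRUFFLEHOG_EXCLUDE_PATHS is deliberately unquoted: it may hold several
# space-separated patterns that must word-split and glob-expand (see globstar
# above) into individual --exclude arguments.
# shellcheck disable=SC2086
trufflehog3 -vvv --ignore-nosecret --format json --zero --no-history \
  --exclude ${TRUFFLEHOG_EXCLUDE_PATHS} \
  -r "${SCRIPTS_DIR}/rules.yml" \
  -o "${REPORT_FILE}" \
  "${SCAN_DIR}"
set +x
shopt -u globstar

trufflehog3 --version > "${REPORTS_DIR}/trufflehog_version.txt"

# The gate check decides pass/fail; test its exit status directly rather than
# reading $? afterwards.
if python "${SCRIPTS_DIR}/trufflehog-gate-check.py" "${REPORT_FILE}"; then
  "${UTILITY_DIR}/monitorstatus.sh" -j "${CI_JOB_NAME}" -s pass -r pass
else
  # Only report "findings" when the job produced a non-empty output file.
  if [[ -s "${REPORTS_DIR}/${CI_JOB_NAME}.out" ]]; then
    "${UTILITY_DIR}/monitorstatus.sh" -j "${CI_JOB_NAME}" -r findings -l "${CI_JOB_NAME} process found findings, check job for details"
  fi
  exit 1
fi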