name: 'TruffleHog OSS' description: 'Scan Github Actions with TruffleHog' author: Truffle Security Co. inputs: path: description: Repository path required: true base: description: Start scanning from here (usually main branch). required: false default: '' head: description: Scan commits until here (usually dev branch). required: false extra_args: default: '' description: Extra args to be passed to the trufflehog cli. required: false branding: icon: "shield" color: "green" runs: using: "docker" image: "docker://ghcr.io/trufflesecurity/trufflehog:latest" args: - git - file://${{ inputs.path }} - --since-commit - ${{ inputs.base }} - --branch - ${{ inputs.head }} - --fail - --no-update - --github-actions - ${{ inputs.extra_args }}