ada/agentguard-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df10609df54da4e5209c18c03ba8f7cf15a16277
agentguard-ci/docs/plans/phase2-step1-trufflehog.md
T
Elizabeth W 963e020efa plan files
2026-04-19 22:12:00 -06:00

18 lines
850 B
Markdown
Raw Blame History

# Implementation Plan: TruffleHog Scanner
## Objective
Implement the TruffleHog secrets scanning step as a parallel task in the DAG.
## Requirements
- Define a task template named `scan-trufflehog`.
- Depend on the `clone-repo` task.
- Mount the shared PVC at `/workspace`.
- Run TruffleHog against the `/workspace` directory.
- Configure TruffleHog to output its findings in JSON or SARIF format.
- Save the output to `/workspace/reports/trufflehog.json` (or `.sarif`).
- Ensure the task exits successfully (exit code 0) even if secrets are found, so the pipeline can proceed to the aggregation step (Phase 3). (Use `continueOn` or `ignoreError` or a wrapper script like `trufflehog ... || true`).
## Agent Instructions
1. Add the `scan-trufflehog` template to the `ClusterWorkflowTemplate`.
2. Wire it into the DAG alongside the other scanners.
Reference in New Issue View Git Blame Copy Permalink