agentguard-ci/docs/plans/phase2-step1-trufflehog.md
Elizabeth W 963e020efa plan files
2026-04-19 22:12:00 -06:00

Implementation Plan: TruffleHog Scanner

Objective

Implement the TruffleHog secrets scanning step as a parallel task in the DAG.

Requirements

  • Define a task template named scan-trufflehog.
  • Depend on the clone-repo task.
  • Mount the shared PVC at /workspace.
  • Run TruffleHog against the /workspace directory.
  • Configure TruffleHog to output its findings in JSON or SARIF format.
  • Save the output to /workspace/reports/trufflehog.json (or .sarif).
  • Ensure the task exits successfully (exit code 0) even if secrets are found, so the pipeline can proceed to the aggregation step (Phase 3). (Use continueOn or ignoreError or a wrapper script like trufflehog ... || true).
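Added example (not part of the plan or of the agentguard-ci code): a wrapper for the exit-code requirement that keeps the task at exit 0 when secrets are found but still fails it when the scanner itself breaks, which a bare `|| true` would hide. It assumes TruffleHog is invoked with `--fail` (exit code 183 on findings); the function name `run_secret_scan` and the `.status` side file are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper for the scan-trufflehog step (not the project's code).
# Assumption: TruffleHog runs with --fail, so it exits 183 when findings exist,
# 0 when nothing is found, and any other code when the scan itself broke.

FINDINGS_EXIT=183

# run_secret_scan REPORT CMD [ARGS...]
# Runs CMD and stores its stdout as REPORT. Returns 0 for "clean" and for
# "findings"; a scanner error keeps its own exit code so it is not masked.
# The body is a subshell, so umask and variables do not leak to the caller.
run_secret_scan() (
    report=$1
    shift
    umask 077    # the findings report can contain the detected secret values
    mkdir -p "$(dirname "$report")" || exit 1
    tmp="$report.partial"

    # Capture the exit code without tripping `set -e` in the calling script.
    rc=0
    "$@" >"$tmp" || rc=$?

    case $rc in
        0|"$FINDINGS_EXIT")
            mv "$tmp" "$report" || exit 1
            # Record the outcome so the aggregation step can tell the two apart.
            if [ "$rc" -eq 0 ]; then
                echo clean >"$report.status"
            else
                echo findings >"$report.status"
            fi
            exit 0
            ;;
        *)
            # A crashed or misconfigured scan must not look like a clean one.
            rm -f "$tmp"
            echo "scanner failed with exit code $rc; no report written" >&2
            exit "$rc"
            ;;
    esac
)

# Invocation inside the task container (commented so the file can be sourced):
# run_secret_scan /workspace/reports/trufflehog.json \
#     trufflehog filesystem /workspace --json --fail --no-update
```
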

Agent Instructions

  1. Add the scan-trufflehog template to the ClusterWorkflowTemplate.
  2. Wire it into the DAG alongside the other scanners.