chore: added specific path

eclipse-tractusx · Nov 22, 2024 · ca0994d · ca0994d
1 parent 4d744db
commit ca0994d
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/release/trg-8/trg-8-03.md b/docs/release/trg-8/trg-8-03.md
@@ -22,15 +22,15 @@ Configure your GitHub Actions to include:
 - `schedule`: Schedule the workflow to run at least once a week with `0 0 * * 0`.
 - `push` and `pull_request`: Activate the workflow on both push and pull request events targeting the branch that contains the code for the currently supported version, which may not necessarily be the main branch. This is the branch from which new releases will be made.
 
-Note: `extra_args: --filter-entropy=4 --results=verified,unknown`
+Note: `extra_args: --filter-entropy=4 --results=verified,unknown --only-verified`
 
-Including `extra_args: --filter-entropy=4 --results=verified,unknown` in the GitHub Actions workflow ensures that TruffleHog focuses on detecting high-entropy strings, which are more likely to be sensitive information such as passwords or API keys. This setup also instructs TruffleHog to report both verified secrets and potential but unverified secrets, providing a comprehensive security scan that helps identify and address all possible vulnerabilities in the code.
+Including `extra_args: --filter-entropy=4 --results=verified,unknown --only-verified` in the GitHub Actions workflow ensures that TruffleHog focuses on detecting high-entropy strings, which are more likely to be sensitive information such as passwords or API keys. This setup also instructs TruffleHog to report both verified secrets and potential but unverified secrets, providing a comprehensive security scan that helps identify and address all possible vulnerabilities in the code. The `--only-verified` flag reduces the appearance of false positives, because only the verified secrets will appear.
 
 Including `run: exit 1` in a step of a GitHub Actions workflow, as demonstrated below, commands the workflow to halt execution. This ensures that should TruffleHog uncover any secrets during its scan, the workflow promptly terminates in failure.
 
 GitHub Actions allows you to define workflows to automatically run TruffleHog scans on your code. You'll see the output that triggered the failure directly in the logs.
 
-Here’s how you can set it up:
+To comply with this TRG, simply create a file under the path: `.github/workflows/trufflehog.yaml` with the following content: 
 
 ```yml
 ###############################################################