ci: ativar gitleaks

2026-05-08 10:24:59 +01:00
parent 6cc5359917
commit 10c81592c0
2 changed files with 6 additions and 6 deletions
@@ -12,11 +12,11 @@ jobs:
        with:
          fetch-depth: 0 # Necessário para o Gitleaks analisar histórico

-    # 1. SECRET SCANNING (Deteta chaves expostas no histórico e no código)
-      #- name: Gitleaks Scan
-      #  run: |
-      #    curl -sL https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz | tar -xz -C /tmp
-      #    /tmp/gitleaks detect --source . --verbose --redact --exit-code 0
+      # 1. SECRET SCANNING (Deteta chaves expostas no histórico e no código)
+      - name: Gitleaks Scan
+        run: |
+          curl -sL https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz | tar -xz -C /tmp
+          /tmp/gitleaks detect --source . --verbose --redact --exit-code 0

      # 2. SCA (Software Composition Analysis) - Verifica vulnerabilidades no Nginx
      - name: Scan Docker Image Vulnerabilities (Trivy)
@@ -8,7 +8,7 @@
 </head>
 <body class="bg-gray-50 text-gray-900 font-sans">
 <!-- TODO: Remover esta chave de teste antes de ir para produção -->
-gitleaks:allow
+
    <nav class="sticky top-0 bg-white/90 backdrop-blur-sm z-50 border-b border-gray-100 py-4 px-6 flex justify-between items-center">
        <div class="text-2xl font-black text-blue-700 tracking-tighter">NEXUS<span class="text-gray-400">.</span></div>
        <div class="hidden md:flex space-x-8 font-medium text-gray-600">