Skip to content

Update dependency litellm to v1.91.0 #282

Update dependency litellm to v1.91.0

Update dependency litellm to v1.91.0 #282

Workflow file for this run

# Server-side secret scanning that uses NO third-party Actions, so it runs
# under the IBM org policy "Allow IBM, and select non-IBM, actions".
# Only actions/checkout (GitHub-created, already allowed) is used; the scanners
# are installed via plain shell steps, which the org action policy does not gate.
# Place this file at: .github/workflows/secret-scan.yml
name: Secret Scan
on:
push:
branches: ['**']
pull_request:
branches: ['**']
schedule:
- cron: '0 6 * * 1' # weekly full-history sweep, Mondays 06:00 UTC
permissions:
contents: read
jobs:
gitleaks:
name: Gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
with:
fetch-depth: 0 # full history so the scan covers all commits
- name: Install gitleaks
run: |
VERSION=8.21.2
curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v${VERSION}/gitleaks_${VERSION}_linux_x64.tar.gz" \
| tar -xz -C /usr/local/bin gitleaks
gitleaks version
- name: Run gitleaks
run: gitleaks detect --source . --redact --verbose
# gitleaks auto-loads .gitleaks.toml from the repo root and
# exits non-zero if any secret is found, failing the check.
trufflehog:
name: TruffleHog
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
with:
fetch-depth: 0
- name: Install trufflehog
run: |
curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \
| sh -s -- -b /usr/local/bin v3.82.6
trufflehog --version
- name: Run trufflehog
run: trufflehog git "file://." --results=verified --fail
# --fail makes the job exit non-zero when verified/unknown secrets are found.