Github | Password.txt

Add a step to your GitHub Actions, Jenkins, or GitLab CI that scans for secrets using gitleaks or truffleHog. If a secret is found, fail the build.

Example GitHub Actions workflow:

name: Scan for secrets
on: [push, pull_request]
jobs:
  secret-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # fetch full history so earlier commits are scanned too
      - name: Run gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

These open-source tools scan the entire commit history for high-entropy strings (like passwords):

trufflehog git https://github.com/username/repo.git
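
The high-entropy heuristic described above, as an added example that is not code from this page, gitleaks, or truffleHog. It is a simplified sketch that scans the added lines of `git log -p` style output. The token regex, the 4.0 bits-per-character threshold, the file-name pattern, and the sample patch are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Candidate tokens: runs of 20+ base64/hex-style characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_-]{20,}")
# File names treated as risky whatever they contain (pattern assumed for this example).
RISKY_NAME_RE = re.compile(r"(^|/)passwords?\.txt$", re.IGNORECASE)
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off, tune per repository


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def scan_patch(patch: str) -> list:
    """Return (file, rule, match) findings for unified-diff text such as `git log -p` output."""
    findings, current_file = [], None
    for line in patch.splitlines():
        if line.startswith("+++ "):  # header naming the file the following lines belong to
            path = line[4:]
            current_file = path[2:] if path.startswith("b/") else path
            if RISKY_NAME_RE.search(current_file):
                findings.append((current_file, "risky-filename", current_file))
        elif line.startswith("+") and current_file:
            # Added lines only: a secret deleted later is still reported from the commit that added it.
            for token in TOKEN_RE.findall(line[1:]):
                if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                    findings.append((current_file, "high-entropy", token))
    return findings

# Constructed sample input: two file additions as `git log -p` would show them.
SAMPLE_PATCH = """\
diff --git a/docs/readme.md b/docs/readme.md
--- /dev/null
+++ b/docs/readme.md
+See the installation-instructions-for-developers page.
diff --git a/config/password.txt b/config/password.txt
--- /dev/null
+++ b/config/password.txt
+api_key=Zx9qLm27RtVb4KpW8sYh3NcJ6dFgA1eU
"""

if __name__ == "__main__":
    results = scan_patch(SAMPLE_PATCH)
    print(*results, sep="\n")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the CI step
```

The long hyphenated phrase in the readme stays below the threshold, while the random-looking key value and the file name are both reported.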

A search for password.txt on GitHub returns thousands of results. Many are:

Despite GitHub’s warnings and security features, developers still push sensitive files.


  • The presence of such a file is a high-risk indicator because plaintext credentials are easily discovered and abused.