Option to run the secret scanning on a branch

[writemevm]

Option to run the secret scanning on a branch. Is it possible to run this action against a branch instead of PR ?

[felickz]

Not currently:

secret-scanning-review-action/action.ps1

Lines 126 to 133 in 690e731

	#get the pull request number from the GITHUB_REF environment variable
	if ($env:GITHUB_REF -match 'refs/pull/([0-9]+)') {
	$PullRequestNumber = $matches[1]
	}
	else {
	#https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
	Set-ActionFailed -Message "Action workflow must be run on 'pull_request'. GITHUB_REF is not set to a pull request number"
	}

The initial idea of the action was to provide additional information in code review on secrets locations introduced on the PR. How would you envision this working for branch based detection? The list of secrets that are present on a branch may be exhaustive (as is git history). One viable solution might be to use a base/head compare to show which secrets are newly detected compared to the base. This would echo how the dependency-review-action behaves as well:
https://github.com/actions/dependency-review-action/blob/0659a74c94536054bfa5aeb92241f70d680cc78e/action.yml#L25-L30

The base git ref to be used for this check. Has a default value when the workflow event is pull_request or pull_request_target. Must be provided otherwise.