require-secret-scan-schedule
Rule catalog ID: R106
Targeted pattern scope
Workflows that use supported secret-scanning actions.
What this rule reports
This rule reports secret-scanning workflows that do not define a schedule trigger.
Why this rule exists
Scheduled secret scanning catches leaks even when no recent pull request or push event happens on the affected branch.
Incorrect
on: [pull_request]
Correct
on:
  pull_request:
  schedule:
    - cron: "12 4 * * *"
Additional examples
This rule does not enforce a particular cron expression, only that periodic scanning exists.
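The check described above, sketched over an already-parsed workflow object. This is an added example, not the plugin's own source; the action list and all function names are assumptions, since this page does not name the supported actions.

```javascript
// Added illustration: not the plugin's implementation.
// Assumption: these two actions stand in for the rule's "supported" list.
const SECRET_SCAN_ACTIONS = new Set([
  "gitleaks/gitleaks-action",
  "trufflesecurity/trufflehog",
]);

// True if any step in any job runs one of the listed actions (ref after "@" ignored).
function usesSecretScanner(workflow) {
  return Object.values(workflow.jobs ?? {}).some((job) =>
    (job.steps ?? []).some(
      (step) =>
        typeof step.uses === "string" &&
        SECRET_SCAN_ACTIONS.has(step.uses.split("@")[0].toLowerCase())
    )
  );
}

// `on` may be a string, a list, or a map; only the map form can carry cron entries.
function hasSchedule(on) {
  if (on === null || typeof on !== "object" || Array.isArray(on)) return false;
  const entries = on.schedule;
  return (
    Array.isArray(entries) &&
    entries.some((e) => typeof e?.cron === "string" && e.cron.trim() !== "")
  );
}

// Returns a message for a violation, or null when the workflow passes or is out of scope.
function checkWorkflow(workflow) {
  if (!usesSecretScanner(workflow)) return null;
  return hasSchedule(workflow.on)
    ? null
    : "secret-scanning workflow does not define a schedule trigger";
}

// Constructed sample workflows, as a YAML parser would return them.
const scanJob = { scan: { steps: [{ uses: "gitleaks/gitleaks-action@v2" }] } };
const prOnly = { on: ["pull_request"], jobs: scanJob };
const scheduled = {
  on: { pull_request: null, schedule: [{ cron: "12 4 * * *" }] },
  jobs: scanJob,
};
const emptySchedule = { on: { schedule: [] }, jobs: scanJob };
const unrelated = { on: "push", jobs: { build: { steps: [{ run: "npm test" }] } } };

console.log([prOnly, scheduled, emptySchedule, unrelated].map(checkWorkflow));
```

Any non-empty cron string passes, matching the statement that no particular expression is enforced; a `schedule` key with no entries is still reported because it never fires.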
ESLint flat config example
import githubActions from "eslint-plugin-github-actions-2";
export default [githubActions.configs.security];
When not to use it
Disable this rule if scheduled secret scanning is handled outside GitHub Actions.