
Commit 39cda18

authored
chore: add secret scanning to CICD and pre-commits (#4720)
1 parent 853622b commit 39cda18


3 files changed

+93
-0
lines changed


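--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -9,6 +9,8 @@ orbs:
 gh: circleci/[email protected]
 # https://circleci.com/developer/orbs/orb/circleci/go
 go: circleci/[email protected]
+# https://github.com/snyk/prodsec-orb
+prodsec: snyk/[email protected]
 
 parameters:
 aws_version:
@@ -845,6 +847,11 @@ workflows:
 jobs:
 - build:
 name: Build
+- prodsec/secrets-scan:
+name: Scan repository for secrets
+context:
+- snyk-bot-slack
+channel: hammerhead-alerts
 - test-jest:
 filters:
 branches: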
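Review bot: Nothing in the visible job list makes a later job depend on `prodsec/secrets-scan`, so a finding may fail this one check while every other job in the workflow still runs. If the scan is meant to gate merges or releases, mark the check as required in branch protection or list `Scan repository for secrets` under `requires:` on the first downstream job. The job is also handed the `snyk-bot-slack` context, so it is worth confirming that context holds only the Slack credential the orb needs. A short comment above the job, for example `# fails on any finding not listed in .gitleaksignore`, would record the intent; that the orb runs gitleaks is inferred from the ignore file added in the same commit. The workflow's job list continues outside the hunk.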

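--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -0,0 +1,79 @@
+# add false positives here
+
+650613a000fb704abddedd70780bc45a1f9b3829:test/fixtures/sast/sample-analyze-folders-with-report-and-ignores-only-response.json:generic-api-key:4
+047d6679bbe0ef64353edc53a421adf6567b6a9f:test/fixtures/sast/sample-analyze-folders-with-report-and-ignores-response.json:generic-api-key:4
+0dfa5118696eaff76a734bdd2dd6a4521b26a88d:test/fixtures/sast/sample-analyze-folders-with-report-and-ignores-response.json:generic-api-key:4
+8544c0610f94e4633dbb416b53e0400e2939024b:test/acceptance/fake-server.ts:generic-api-key:466
+72c565df4688e811b6d947078a3ceb2e990b3dcb:test/fixtures/fake-server/localhost-valid.key:private-key:1
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/acceptance/iac/describe.spec.ts:aws-access-token:181
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/acceptance/iac/describe.spec.ts:aws-access-token:186
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:48
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:67
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:68
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:69
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:35
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:93
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:100
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:107
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:284
+5fc7674c7c9aae0229736260c18ed6f89ce05c60:test/fixtures/fake-server/localhost-expired.key:private-key:1
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/fixtures/iac/drift/analysis.json:aws-access-token:17
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/fixtures/iac/drift/analysis.json:aws-access-token:41
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/fixtures/iac/drift/analysis.json:aws-access-token:48
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/acceptance/iac/update-exclude-policy.spec.ts:aws-access-token:62
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/acceptance/iac/update-exclude-policy.spec.ts:aws-access-token:64
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:349
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:351
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:364
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:366
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:378
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:380
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:399
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:401
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:416
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:430
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:444
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:446
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/fixtures/iac/drift/output/output.json:aws-access-token:17
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/fixtures/iac/drift/output/output.json:aws-access-token:41
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/fixtures/iac/drift/output/output.json:aws-access-token:48
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/fixtures/driftctl-analysis.json:aws-access-token:17
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/fixtures/driftctl-analysis.json:aws-access-token:41
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/fixtures/driftctl-analysis.json:aws-access-token:48
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:179
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:186
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:202
+747ff52750a3f3460b42823ac96aab5829aae485:test/acceptance/fake-server.ts:generic-api-key:465
+947f1d6024bfd3b31be8f7d3c675d2d3baa60470:test/jest/unit/lib/ecosystems/resolve-monitor.facts.spec.ts:jwt:12
+bfa6493800fdef7915eaecdd200a5a31ba6aff5c:test/fixtures/sast/sample-analyze-folders-response.json:generic-api-key:4
+d21cff7d7b100b4b9d999d5dfefda023d1780eb5:test/jest/unit/lib/ecosystems/resolve-test-facts.spec.ts:jwt:10
+1b65935bc7c69b1029d7c63808af211ae6030c98:test/fixtures/sast/shallow_sast_webgoat/DeserializeTest.java:generic-api-key:82
+1b65935bc7c69b1029d7c63808af211ae6030c98:test/fixtures/sast/shallow_sast_webgoat/JWTRefreshEndpoint.java:generic-api-key:48
+1b65935bc7c69b1029d7c63808af211ae6030c98:test/fixtures/sast/shallow_sast_webgoat/JWTRefreshEndpoint.java:generic-api-key:49
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/expected-parser-results/full-scan/tf-plan-update.resources.json:aws-access-token:93
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/expected-parser-results/full-scan/tf-plan-no-op.resources.json:aws-access-token:107
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/expected-parser-results/full-scan/tf-plan-no-op.resources.json:aws-access-token:129
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-create.json:aws-access-token:663
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:182
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:228
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:561
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:591
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:751
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:135
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:403
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:413
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:536
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:135
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:165
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:570
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:594
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:647
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:669
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:1113
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:1143
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:1303
+67512541c7a706d214ccb13a26c09445cde7934e:test/cli-alert/src/index.ts:generic-api-key:89
+872e472bf1bf1aca3dfde5f13d2c89212aa64131:test/fixtures/sast/sample-analyze-folders-response.json:generic-api-key:3
+cba65a3a91c64db2ee92c87e5972602b6c959586:test/fixtures/sast/sample-analyze-folders-response.json:generic-api-key:3
+6380d9d4147491cadee99113701516ebb8242836:src/cli/commands/test/iac-local-execution/parsers/hcl2json.js:generic-api-key:9827
+c2de35484dcad696a6ee32f2fa317d5cfaffc133:test/fixtures/code/sample-analyze-folders-response.json:generic-api-key:3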
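Review bot: The only comment in the file, `# add false positives here`, records no reason for any of the 77 suppressed fingerprints, so a later reader cannot tell a verified placeholder from a finding that was silenced to get CI green. Three entries warrant an explicit justification: the two `private-key` hits under `test/fixtures/fake-server/` and the `generic-api-key` hit in `src/cli/commands/test/iac-local-execution/parsers/hcl2json.js`, which sits under `src/` rather than in a test fixture. I would group the entries under short comments such as `# test fixtures: placeholder AWS key ids, confirmed non-live` and `# hcl2json.js: generated bundle, match is not a credential`, with the wording adjusted to what was actually checked. Each fingerprint is tied to a commit, so anything here that turns out to be a real credential is still in history and needs rotating, not ignoring.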

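--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/gitleaks/gitleaks
+rev: v8.17.0
+hooks:
+- id: gitleaks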
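Review bot: `rev: v8.17.0` pins the hook to a tag, which upstream can move; pinning to the full commit SHA with the tag kept as a trailing comment, `rev: <full commit SHA of v8.17.0>  # v8.17.0`, makes the hook content reproducible. The gitleaks version run by the CI orb is not visible on this page, and if it differs from this one the two scanners may disagree on rule ids or on the fingerprints in `.gitleaksignore`, so a comment noting that the two versions should be kept in step would help. The hook only runs in clones where `pre-commit install` was executed, so the CI job remains the enforcing control.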
