detect-secrets | An enterprise friendly way of detecting and preventing secrets in code | Security library
kandi X-RAY | detect-secrets Summary
detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code base.
Top functions reviewed by kandi - BETA
- Parse command line arguments
- Return a function to determine if the module is greater than the given version
- Load secrets collection from baseline
- Upgrade a baseline
- Argument parser
- Decorator to turn a string into a positive integer
- Return the root directory
- Migrate the filters
- Append a line to the current line
- Append a line to the stack
- Create a plugin from the given classname
- Migrate custom plugins
- Parse the flow mapping key
- Get a logger
- Compose a node
- Return a set of all tracked files in the given directory
- Execute detect-secrets scan
- Checks if the plugin is ignored
- Return whether the secret should be excluded
- Return a JSON representation of the plugins
- Audit action
- Parse a YAML file
- Handles a scan action
- Print timing information
- Returns a set of potential secrets that match the given line
- Pretty print diagnostics
- Format a scan result
detect-secrets Examples and Code Snippets
docker-compose run git /bin/sh
git clone http://gitlab:8081/root/my-repo.git
cd my-repo
echo "no secrets here" > README.md
git add README.md
git commit -m "Update readme"
git push -u origin master
echo "AKIAIOSFODNN7EXAMPLE wJalrXUtnFEMI/K7MDE

$ make setup/git/hooks
# Ensure you have detect-secrets installed
$ pip3 install detect-secrets
# In the repository root, scan the repo for secrets and update the .secrets.baseline file.
$ detect-secrets scan --baseline .secrets.baseline
# Trigger

name: reviewdog
on: [pull_request]
jobs:
  detect-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: detect-secrets
        uses: reviewdog/action-detect-secrets@master
        with:
          github_token: ${{ secre
Community Discussions
Trending Discussions on detect-secrets
QUESTION
I'm evaluating detect-secrets and I'm not sure why I get different results from detect-secrets and the hook.
Here is a log of a simplification:
...
ANSWER
Answered 2020-Oct-16 at 15:38
This is definitely peculiar behavior, but after some investigation, I realize that you've stumbled upon an edge case of the tool.
tl;dr
- HighEntropyStringPlugin supports a limited set of characters (not including ;)
- To reduce false positives, HighEntropyStringPlugin leverages the heuristic that strings are quoted in certain contexts.
- To improve UI, inline string scanning does not require quoted strings.
Therefore, the functionality differs: when run through detect-secrets-hook, it does not parse the string accordingly due to the existence of ;. However, when run through detect-secrets scan --string, it does not require quotes, and breaks the string up.
HighEntropyString tests are pretty noisy, if not aggressively pruned for false positives. One way it attempts to do this is via applying a rather strict regex (source), which requires it to be inside quotes. However, for certain contexts, this quoted requirement is removed (e.g. YAML files, and inline string scanning).
When this quoted requirement is removed, we get the following breakdown:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
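The quoted-versus-unquoted difference described in the answer above, as a simplified model added here (it is not detect-secrets' own code and not part of the answer). The character set, the 4.5 threshold, both regexes and the sample lines are assumptions constructed for illustration.

```python
import math
import re

# Assumed values for this sketch (not read from detect-secrets).
CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
LIMIT = 4.5  # bits per character

_RUN = "[" + re.escape(CHARSET) + "]+"
# Quoted mode: the entire body between matching quotes must be in CHARSET.
QUOTED = re.compile(r"(['\"])(" + _RUN + r")\1")
# Unquoted mode: every maximal run of CHARSET characters is a candidate.
UNQUOTED = re.compile(_RUN)


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)


def candidates(line, require_quotes):
    """Strings the entropy check gets to see in each scanning mode."""
    if require_quotes:
        return [m.group(2) for m in QUOTED.finditer(line)]
    return UNQUOTED.findall(line)


def flagged(line, require_quotes):
    """Candidates whose entropy exceeds LIMIT."""
    return [c for c in candidates(line, require_quotes)
            if shannon_entropy(c) > LIMIT]


# Constructed sample tokens (24 distinct characters each), not real credentials.
TOKEN_A = "aB3dE5gH7jK9mN1pQ2sT4vW6"
TOKEN_B = "zY8xC0uR+fO/iLbMnVkGqDtA"
WITH_SEMICOLON = 'key = "' + TOKEN_A + ";" + TOKEN_B + '"'
WITHOUT_SEMICOLON = 'key = "' + TOKEN_A + '"'

if __name__ == "__main__":
    for line in (WITH_SEMICOLON, WITHOUT_SEMICOLON):
        print(line)
        print("  file scan (quotes required):", flagged(line, True))
        print("  inline scan (no quotes):    ", flagged(line, False))
```

In this model the `;` inside the quoted value stops the quoted regex from matching at all, so the file-style scan reports nothing, while the unquoted scan splits on `;` and flags both halves.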
Vulnerabilities
No vulnerabilities reported
Install detect-secrets
You can use detect-secrets like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.