detect-secrets-server icon indicating copy to clipboard operation
detect-secrets-server copied to clipboard

Published 20 hours ago verified publisher icon Yelp

Add ability to scan multiple repositories at once

Open domanchi opened this issue 6 years ago • 7 comments

Context

If you want to manually scan more than one repository at once, you need to do them in separate invocations.

$ detect-secrets-server scan https://github.com/Yelp/detect-secrets
$ detect-secrets-server scan https://github.com/Yelp/detect-secrets-server

It would be convenient if you could specify more than one repository inline.

$ detect-secrets-server scan https://github.com/Yelp/detect-secrets https://github.com/Yelp/detect-secrets-server

This way, you could chain it with other CLI tools.

$ detect-secrets-server list | xargs detect-secrets-server scan

Proposed Fix

As described above.

domanchi avatar Jan 10 '19 18:01 domanchi

I found myself trying to scan passing in the same config file I used to add. Seems like that should be sufficient?

chetmancini avatar Apr 01 '19 21:04 chetmancini

@chetmancini : which version of detect-secrets-server are you referring to? I think v0.1 supported config files in scan, but not v0.2 IIRC.

domanchi avatar Apr 01 '19 22:04 domanchi

Interesting. I'm using the latest version. I'm brand new and am trying to setup this up first time to scan multiple repos. I'm still getting up to speed but will see if I can help enhance anything down the road.

chetmancini avatar Apr 02 '19 16:04 chetmancini

How curious.

Could you provide your example invocation for posterity?

domanchi avatar Apr 02 '19 17:04 domanchi

Sure. I was thinking I could pass the repos.yaml file as the parameter to scanning, so you could have your configuration passed directly into the scan process.

# add them
$ detect-secrets-server add --config examples/repos.yaml
# scan them
$ detect-secrets-server scan --config examples/repos.yaml

chetmancini avatar Apr 03 '19 21:04 chetmancini

@domanchi Any update on multiple repo scanning in 0.2? eagerly awaiting this enhancement

akshayatplivo avatar Jul 04 '19 08:07 akshayatplivo

@chetmancini : Ah yes, that was the original intent. Since this is a server-side tool, configuration files allow source controlled declaration of repositories to scan. I agree that feature is a "nice-to-have", rather than a much needed improvement due to this.

@akshayatplivo : You're always welcome to help contribute to this repository! My bandwidth is quite limited to work on this, but I had previously flagged this as a good first issue, so maybe this is a good opportunity to get your feet wet. 😃

domanchi avatar Jul 08 '19 14:07 domanchi