detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

Results 130 detect-secrets issues

Since audit expects a secret to only be on one line, it can't find yaml multi-line strings. Relevant code snippet: https://github.com/Yelp/detect-secrets/blob/17918d8fa7d49b56be8823c87be5c659ad2426a7/detect_secrets/core/audit.py#L604-L617 In 0.12.4 and before, this was fine because then...

help wanted
false negatives
triaged
bug

In #208 we intentionally regressed and began scanning the whole file in analyze for every secret, as opposed to just the line of the secret. `analyze` right now is fast...

help wanted
triaged
enhancement
P4

There is the very rare valid secret in the form of ``` foo bar HIGH-ENTROPY ``` or just ``` HIGH-ENTROPY ``` etc. where there are no quotes. We [currently require...

help wanted
false negatives
triaged

Auditing can be quite tedious on large repos, especially since we still have issues like high-entropy alerting off every line in between `begin private key` and `end key`. This should...

help wanted
good first issue
triaged
enhancement

Supporting standard input on audit mode would make detect-secrets pipe-able and a little more Unix-like. I thought about this while commenting on #198... If I just want to audit the...

help wanted
triaged
enhancement

Create a one-executable bundle release in order to allow developers to easily work with `detect-secrets-hook` in different operating systems, which may or may not have Python pre-installed, and may...

pending

There was a recent white paper released ([summary](https://blog.acolyer.org/2019/04/08/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/), [source](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf)). What's most interesting is on page 15, they list a variety of explicit regexes that we may be able to incorporate...

false positives
triaged
enhancement

Raising this as a parallel issue to one I opened today in the IBM fork. # Context @jribm raised a point while I was working on #156 that, under our...

pending

We output the same thing over and over again e.g. for one repo, running `pre-commit run detect-secrets --all-files` outputs: ``` Detect secrets...........................................................Failed hookid: detect-secrets Files were modified by this hook....

help wanted
pending

While trying out detect-secrets for the first time today, I noticed the term 'secret_key' is not present in the keyword plugin (see https://github.com/Yelp/detect-secrets/blob/master/detect_secrets/plugins/keyword.py#L38). This means it doesn't find the very...

pending