detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

Results 130 detect-secrets issues

Lots of secrets are written like p455w0rd, or something else like that. I think this could be really involved. Just making this issue for some time in a future far...

triaged
enhancement
P4

In Yelp/detect-secrets-server#40 we got a report that a password in an XML tag called "password" was not detected. We can consider adding a regex to the keyword detector to detect...

help wanted
triaged
bug

Changelog for 0.13.0 indicates that after #247 the directive `NOPASSWD` should be excluded from results. However it seems that this is not the case. **Steps to reproduce:** - Create a...

false positives
triaged
bug

https://github.com/Yelp/detect-secrets/pull/245/files#diff-f10cba071b66829c5d5a2fb33cfa3f53R121 only filters words ending with Id from high-entropy plugin results. How much would filtering out `[(lower-case letter)Id(upper-case letter)]` improve signal for cases like e.g. `val someIdHere = "f10cba071b66829c5d5a2fb33cfa3f53R121"`?

help wanted
good first issue
false negatives
triaged

Through testing, true-positives for these have less entropy than other kinds of high entropy secrets. We should change our detection accordingly. The relevant code is in https://github.com/Yelp/detect-secrets/pull/223

help wanted
good first issue
false negatives
triaged

Super long lines in the audit view can make the audit look bad because a single line will overflow the terminal and make the ~10 lines of code we normally...

help wanted
triaged
enhancement

We should mention that [we do not include verifiable secrets we are not able to verify in output](https://github.com/Yelp/detect-secrets/issues/238#issuecomment-533302853) without the `--no-verify` flag. Clarification: if no secret key is found next...

triaged
documentation

See this comment for context https://github.com/Yelp/detect-secrets/issues/238#issuecomment-532907500 but tl;dr is that we do not report them otherwise, so let's be consistent.

pending

Currently, the output when scanning strings is text based, however I was wondering if we could consider adding a flag to output it as json, similar to when scanning a...

help wanted
good first issue
triaged
enhancement

See this awesome issue and associated PR https://github.com/dxa4481/truffleHog/issues/168 (and https://github.com/dxa4481/truffleHog/pull/174) from @Seancarpenter

triaged
discussion