
Scanning for Secrets in Envs

Open 53845714nF opened this issue 1 year ago • 1 comments

The tool should be able to find a secret in ENVs. For example, for images that are produced from a Dockerfile such as this:

FROM docker.io/library/python:3.8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

WORKDIR /app
COPY requirements.txt /app/
RUN pip install -r requirements.txt

ENV POSTGRES_HOST=database
ENV POSTGRES_USER=postgres
ENV POSTGRES_PASSWORD=postgres
ENV POSTGRES_DB=shopping_list

COPY . /app/

EXPOSE 8000
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "app:app"]

It should report the Postgres password.

53845714nF, Jul 08 '24 17:07
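
The check requested above, sketched as an added example that is not part of the original issue and is not SecretScanner's own code: it reads the `config.Env` list of an OCI image config, where the Dockerfile's `ENV` lines end up, and flags variables whose names suggest credentials. The sample config is constructed from the Dockerfile in the issue; `ScanImageEnv`, `Finding` and the name pattern are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: the part of an OCI image config that the ENV lines above produce.
const sampleConfig = `{"config":{"Env":[
  "PATH=/usr/local/bin:/usr/bin:/bin",
  "PYTHONDONTWRITEBYTECODE=1",
  "PYTHONUNBUFFERED=1",
  "POSTGRES_HOST=database",
  "POSTGRES_USER=postgres",
  "POSTGRES_PASSWORD=postgres",
  "POSTGRES_DB=shopping_list"]}}`

// Assumed heuristic: variable names that usually hold credentials.
var secretName = regexp.MustCompile(`(?i)(passw(or)?d|secret|token|api_?key|private_?key)`)

// Finding is a flagged variable; the value is redacted so reports do not leak it again.
type Finding struct{ Name, Redacted string }

// ScanImageEnv parses an image config and returns ENV entries that look like secrets.
func ScanImageEnv(configJSON []byte) ([]Finding, error) {
	var img struct {
		Config struct{ Env []string } `json:"config"`
	}
	if err := json.Unmarshal(configJSON, &img); err != nil {
		return nil, fmt.Errorf("parse image config: %w", err)
	}
	var out []Finding
	for _, kv := range img.Config.Env {
		name, value, ok := strings.Cut(kv, "=")
		if !ok || value == "" || !secretName.MatchString(name) {
			continue // malformed entry, empty value, or a name that does not look sensitive
		}
		out = append(out, Finding{name, value[:1] + strings.Repeat("*", len(value)-1)})
	}
	return out, nil
}

func main() {
	findings, err := ScanImageEnv([]byte(sampleConfig))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("ENV %s is baked into the image config: %s\n", f.Name, f.Redacted)
	}
}
```

Values set with `ENV` are stored in the image config and in the layer history, so they remain readable by anyone who can pull the image even if a later layer unsets them.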

Hi @53845714nF, thanks for raising the issue. This seems like a valid feature.

ibreakthecloud, Jul 09 '24 05:07