
docker-detect-secrets's Introduction

About

A Docker image for invoking Yelp's detect-secrets hook command without having to install the Python package.

This image is deployed to Docker Hub at: https://hub.docker.com/r/lirantal/detect-secrets

Usage

Detecting secrets in a project

Runs the detect-secrets-hook command for a given git project, with the following options:

  • The current directory is assumed to be the .git root directory, so the volume flag mounts the current directory (pwd) to the container's /usr/src/app directory
  • src/index.js and src/component.js are the files that will be tested for secrets

docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "src/index.js" "src/component.js"

Detecting secrets in a project that has a baseline

If a project has a previously created .secrets-baseline it can be passed as a command argument to the container:

docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "--baseline .secrets-baseline" "src/index.js"

Detecting secrets in a monorepo style project

For projects which exhibit a structure such as:

| app
  |_ .git/
  |_ client/
  |_ server/
       |_ .secrets-baseline

it is necessary to adjust how detect-secrets-hook is executed in the container so that it behaves as if it were running inside the nested server/ directory (where the .secrets-baseline lives), while still mounting the top-level application directory. Setting the container's working directory with --workdir achieves this:

docker run -it --rm --name detect-secrets --volume /path/to/root/project/dir:/usr/src/app --workdir "/usr/src/app/server" lirantal/detect-secrets "src/index.js"
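As an added example (not code from the lirantal/detect-secrets project), the POSIX shell helper below assembles the docker run line for the three cases above: it mounts the git root at /usr/src/app, sets --workdir to the caller's subdirectory for the monorepo layout, and adds the baseline argument only when a .secrets-baseline exists in that directory. The function names and the git rev-parse wrapper are assumptions, not something the README provides.

```shell
#!/bin/sh
# Added example, not code from the lirantal/detect-secrets project: assemble the
# `docker run` line for the image described above. The git root is mounted at
# /usr/src/app (as in the README), and --workdir is set to the caller's
# subdirectory so detect-secrets-hook sees a nested .secrets-baseline exactly as
# it would when run natively inside that directory (the monorepo case).
# Function names and the rev-parse wrapper are assumptions, not from the page.

IMAGE=lirantal/detect-secrets
MOUNT=/usr/src/app

# build_detect_secrets_cmd ROOT SUBDIR [FILE...]
#   ROOT   absolute path of the directory that contains .git
#   SUBDIR directory relative to ROOT to run the hook in ("." for the root)
#   FILE   paths relative to SUBDIR to scan
# Prints the command instead of running it, so it can be reviewed or passed to
# eval. -it is omitted on purpose: git hooks usually run without a TTY.
build_detect_secrets_cmd() {
  root=$1; subdir=$2; shift 2
  subdir=${subdir%/}                       # tolerate a trailing slash
  if [ -z "$subdir" ] || [ "$subdir" = "." ]; then
    workdir=$MOUNT
    basedir=$root
  else
    workdir="$MOUNT/$subdir"
    basedir="$root/$subdir"
  fi
  cmd="docker run --rm --name detect-secrets --volume \"$root\":$MOUNT --workdir \"$workdir\" $IMAGE"
  # The README passes the baseline option and its value as one quoted argument.
  if [ -f "$basedir/.secrets-baseline" ]; then
    cmd="$cmd \"--baseline .secrets-baseline\""
  fi
  for f in "$@"; do
    cmd="$cmd \"$f\""
  done
  printf '%s\n' "$cmd"
}

# detect_secrets_here [FILE...]: derive ROOT and SUBDIR from git for the current
# directory, so the same wrapper works from the repo root or a nested package.
detect_secrets_here() {
  root=$(git rev-parse --show-toplevel) || return 1
  prefix=$(git rev-parse --show-prefix)   # empty at the root, "server/" below it
  build_detect_secrets_cmd "$root" "${prefix:-.}" "$@"
}
```

Run `eval "$(detect_secrets_here src/index.js)"` from inside server/ to execute the printed command; file paths are interpreted relative to the container's working directory, as with a native detect-secrets-hook run.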

Developing

Build the image from the Dockerfile, after which you can run it locally:

docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --tag detect-secrets .

Author

Liran Tal [email protected]


docker-detect-secrets's Issues

Update detect-secrets

I am having issues with ignoring yarn v2 lock files and I want to use --exclude-files feature.

   ✔ eslint .
      ✖ detect-secrets-launcher --baseline .secrets-baseline --exclude-files *.lock
        git add

✖ detect-secrets-launcher --baseline .secrets-baseline --exclude-files *.lock found some errors. Please fix them and try committing again.

usage: detect-secrets-hook [-h] [-v] [--version] [--baseline BASELINE]
                         [--exclude-lines EXCLUDE_LINES]
                         [--word-list WORD_LIST_FILE] [--use-all-plugins]
                         [-n] [--base64-limit [BASE64_LIMIT]]
                         [--hex-limit [HEX_LIMIT]] [--no-private-key-scan]
                         [--no-softlayer-scan] [--no-aws-key-scan]
                         [--no-basic-auth-scan] [--no-slack-scan]
                         [--no-keyword-scan] [--no-artifactory-scan]
                         [--no-stripe-scan] [--no-jwt-scan]
                         [--no-mailchimp-scan] [--no-base64-string-scan]
                         [--no-hex-string-scan]
                         [--keyword-exclude KEYWORD_EXCLUDE]
                         [filenames [filenames ...]]
detect-secrets-hook: error: unrecognized arguments: --exclude-files
husky > pre-commit hook failed (add --no-verify to bypass)

https://github.com/Yelp/detect-secrets/blob/master/CHANGELOG.md#tada-new-features

Can we update to v1? I'm not sure whether I can actually do something from my side.

pip is not installing latest version of detect-secrets

If I run the image with /bin/bash as entrypoint and run detect-secrets --version, it shows the version 1.0.3, which is not the latest version of detect-secrets.

[Screenshot 2021-05-05 at 16:25:05]

The pip install detect-secrets command should install the latest version.

To add some information:
When I run pip list -o, pip recognizes the package as outdated:

[Screenshot 2021-05-05 at 16:28:14]

Run docker-detect-secrets in the root of a project using Husky.

Hello there. I've been trying to implement this solution in my project using Husky but I'm having a hard time with the setup.

I know the readme says:

The current directory is assumed to be the .git root directory

But can the current directory be something different?

This is the structure of my project:

project
│   .secrets.baseline
│
└───.husky
│   │   pre-commit
│   │   commit-msg
│   
└───frontend
│   │   somefile1.js
│   │   somefile2.ts
│   │   ...
│   
└───backend
    │   somefile3.js
    │   somefile4.js

What I have in my pre-commit file is this:

#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"

npx lint-staged
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "*"

The npx lint-staged line is working fine but the second one:

docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "*"

is giving me this output:

[scan]  INFO    Skipping "*" due to `detect_secrets.filters.common.is_invalid_file`

I also tested passing a full path and also a relative path but same result:

docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "frontend/somefile1.js"

[scan]  INFO    Skipping "frontend/somefile1.js" due to `detect_secrets.filters.common.is_invalid_file`

What am I doing wrong?

Can this project structure have this working?

I would really appreciate the help.

Versions:

  • Husky: 8.0.0
  • Docker Desktop 4.9.1
