Giter Club home page Giter Club logo

docker-detect-secrets's Issues

Run docker-detect-secrets in the root of a project using Husky.

Hello there. I've been trying to implement this solution in my project using Husky but I'm having a hard time with the setup.

I know the readme says:

The current directory is assumed to be the .git root directory

But can the current directory be something different?

This is the structure of my project:

project
│   .secrets.baseline
│
└───.husky
│   │   pre-commit
│   │   commit-msg
│   
└───frontend
│   │   somefile1.js
│   │   somefile2.ts
│   │   ...
│   
└───backend
    │   somefile3.js
    │   somefile4.js

What I have in my pre-commit file is this:

#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"

npx lint-staged
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "*"

The npx lint-staged line is working fine but the second one:

docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "*"

Is giving me this output:

[scan]  INFO    Skipping "*" due to `detect_secrets.filters.common.is_invalid_file`

I also tested passing a full path and also a relative path but same result:

docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "frontend/somefile1.js"

[scan]  INFO    Skipping "frontend/somefile1.js" due to `detect_secrets.filters.common.is_invalid_file`

What am I doing wrong?

Can this project structure have this working?

I would really appreciate the help.

Versions:

  • Husky: 8.0.0
  • Docker Desktop 4.9.1

pip is not installing latest version of detect-secrets

If I run the image with /bin/bash as entrypoint and run detect-secrets --version, it shows the version 1.0.3, which is not the latest version of detect-secrets.

Captura de Tela 2021-05-05 às 16 25 05

The pip install detect-secrets command should install the latest version.

To add some information:
When I run pip list -o, pip recognizes the package as outdated:

Captura de Tela 2021-05-05 às 16 28 14

Update detect-secrets

I am having issues with ignoring yarn v2 lock files and I want to use --exclude-files feature.

   ✔ eslint .
      ✖ detect-secrets-launcher --baseline .secrets-baseline --exclude-files *.lock
        git add



✖ detect-secrets-launcher --baseline .secrets-baseline --exclude-files *.lock found some errors. Please fix them and try committing again.


usage: detect-secrets-hook [-h] [-v] [--version] [--baseline BASELINE]
                         [--exclude-lines EXCLUDE_LINES]
                         [--word-list WORD_LIST_FILE] [--use-all-plugins]
                         [-n] [--base64-limit [BASE64_LIMIT]]
                         [--hex-limit [HEX_LIMIT]] [--no-private-key-scan]
                         [--no-softlayer-scan] [--no-aws-key-scan]
                         [--no-basic-auth-scan] [--no-slack-scan]
                         [--no-keyword-scan] [--no-artifactory-scan]
                         [--no-stripe-scan] [--no-jwt-scan]
                         [--no-mailchimp-scan] [--no-base64-string-scan]
                         [--no-hex-string-scan]
                         [--keyword-exclude KEYWORD_EXCLUDE]
                         [filenames [filenames ...]]
detect-secrets-hook: error: unrecognized arguments: --exclude-files
husky > pre-commit hook failed (add --no-verify to bypass)

https://github.com/Yelp/detect-secrets/blob/master/CHANGELOG.md#tada-new-features

Can we update to v1? I'm not sure whether I can actually do something from my side.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.