lirantal / docker-detect-secrets
A docker image for Yelp's docker-secrets python application
License: Apache License 2.0
Yelp's detect-secrets tool allows the use of the --word-list flag to pass a file with words to be ignored, but this flag requires the installation of pyahocorasick, which could be done by:
pip install detect-secrets[word_list]
My suggestion is to replace the current pip install with the one above, allowing people to use the --word-list flag.
Hello there. I've been trying to implement this solution in my project using Husky but I'm having a hard time with the setup.
I know the readme says:
The current directory is assumed to be the .git root directory
But can the current directory be something different?
This is the structure of my project:
project
│ .secrets.baseline
│
└───.husky
│ │ pre-commit
│ │ commit-msg
│
└───frontend
│ │ somefile1.js
│ │ somefile2.ts
│ │ ...
│
└───backend
│ somefile3.js
│ somefile4.js
What I have in my pre-commit file is this:
#!/usr/bin/env sh
. "$(dirname -- "$0")/_/husky.sh"
npx lint-staged
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "*"
The npx lint-staged line is working fine but the second one:
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "*"
Is giving me this output:
[scan] INFO Skipping "*" due to `detect_secrets.filters.common.is_invalid_file`
I also tested passing a full path and also a relative path but same result:
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "frontend/somefile1.js"
[scan] INFO Skipping "frontend/somefile1.js" due to `detect_secrets.filters.common.is_invalid_file`
What am I doing wrong?
Can this project structure have this working?
I would really appreciate the help.
Versions:
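The log line in the issue above names the filter `detect_secrets.filters.common.is_invalid_file`. The following is an added example, not part of the original issue and not code from the image or from detect-secrets: it assumes that filter skips any argument that is not an existing regular file resolved from the scanner's working directory, and runs an equivalent check over a constructed copy of the project layout. `preflight` and `make_sample_tree` are hypothetical helper names.

```shell
#!/usr/bin/env sh
# Added example, not code from the issue or from the image.
# Assumption: the is_invalid_file filter named in the log skips any argument
# that is not an existing regular file, resolved from the scanner's working
# directory (taken here to be the mount target of --volume).

# preflight ROOT ARG...: print "scan ARG" or "skip ARG" for each argument,
# resolving relative paths against ROOT as the scanner would inside the mount.
preflight() {
    root=$1; shift
    for arg in "$@"; do
        case $arg in
            /*) target=$arg ;;          # absolute path: used as given
            *)  target=$root/$arg ;;    # relative path: resolved from ROOT
        esac
        if [ -f "$target" ]; then
            printf 'scan %s\n' "$arg"
        else
            printf 'skip %s\n' "$arg"
        fi
    done
}

# make_sample_tree: build a constructed copy of the layout from the issue
# in a temporary directory and print its path.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/.husky" "$dir/frontend" "$dir/backend"
    : > "$dir/.secrets.baseline"
    : > "$dir/frontend/somefile1.js"
    : > "$dir/backend/somefile3.js"
    printf '%s\n' "$dir"
}

tree=$(make_sample_tree)
preflight "$tree" "*"                              # quoted glob stays a literal "*"
preflight "$tree" frontend                         # a directory is not a regular file
preflight "$tree" frontend/somefile1.js            # exists relative to the root
preflight "$tree/frontend" frontend/somefile1.js   # same path, wrong working directory
rm -rf "$tree"
```

Running the same check against the directory that is actually mounted shows, before the container starts, which arguments such a filter would drop.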
If I run the image with /bin/bash as entrypoint and run detect-secrets --version, it shows the version 1.0.3, which is not the latest version of detect-secrets.
The pip install detect-secrets command should install the latest version.
To add some information:
When I run pip list -o, pip recognizes the package as outdated:
Thanks for the great work,
I saw this package and want to utilize this
https://hub.docker.com/r/lirantal/detect-secrets/tags
As I can see in the docker hub, the available tags are latest, main and nightly.
It would be super if a version could be specified.
I am having issues with ignoring yarn v2 lock files and I want to use the --exclude-files feature.
✔ eslint .
✖ detect-secrets-launcher --baseline .secrets-baseline --exclude-files *.lock
git add
✖ detect-secrets-launcher --baseline .secrets-baseline --exclude-files *.lock found some errors. Please fix them and try committing again.
usage: detect-secrets-hook [-h] [-v] [--version] [--baseline BASELINE]
[--exclude-lines EXCLUDE_LINES]
[--word-list WORD_LIST_FILE] [--use-all-plugins]
[-n] [--base64-limit [BASE64_LIMIT]]
[--hex-limit [HEX_LIMIT]] [--no-private-key-scan]
[--no-softlayer-scan] [--no-aws-key-scan]
[--no-basic-auth-scan] [--no-slack-scan]
[--no-keyword-scan] [--no-artifactory-scan]
[--no-stripe-scan] [--no-jwt-scan]
[--no-mailchimp-scan] [--no-base64-string-scan]
[--no-hex-string-scan]
[--keyword-exclude KEYWORD_EXCLUDE]
[filenames [filenames ...]]
detect-secrets-hook: error: unrecognized arguments: --exclude-files
husky > pre-commit hook failed (add --no-verify to bypass)
https://github.com/Yelp/detect-secrets/blob/master/CHANGELOG.md#tada-new-features
Can we update to v1? I'm not sure whether I can actually do something from my side.
The docker box is running on .12.4
$ detect-secrets --version
0.12.4
Could we rebuild and repush the image to use version 0.13?