From 3094f8d186e6d0fc5d5facc00a41951316c20a8d Mon Sep 17 00:00:00 2001
From: Jose Raul Barreras <barreras@unl.edu>
Date: Thu, 30 May 2019 17:47:26 -0500
Subject: [PATCH] improve doc

---
 README.md                    |  2 +-
 detect-secrets/Dockerfile    |  3 +--
 detect-secrets/entrypoint.sh | 35 ++++++++++++++++++++++++-----------
 examples/Detect-Secrets.md   | 13 +++++++++++--
 4 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index d164291..7ad8b23 100644
--- a/README.md
+++ b/README.md
@@ -27,4 +27,4 @@ This file is automatically updated after execute `git commit` based on the conte
  - its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:python 
     
 
-
_Last update: Thu May 30 16:58:18 CDT 2019_
+
_Last update: Thu May 30 17:47:26 CDT 2019_
diff --git a/detect-secrets/Dockerfile b/detect-secrets/Dockerfile
index 51e07de..390f8c3 100644
--- a/detect-secrets/Dockerfile
+++ b/detect-secrets/Dockerfile
@@ -20,7 +20,6 @@ RUN apk update && apk upgrade && \
 
 COPY entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/entrypoint.sh
-#ENTRYPOINT ["/usr/local/bin/detect-secrets"]
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 
-CMD ["/usr/local/bin/detect-secrets", "scan"]
+CMD ["/usr/local/bin/detect-secrets"]
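Review bot: The new default `CMD ["/usr/local/bin/detect-secrets"]` is not an argument the entrypoint accepts. With an exec-form ENTRYPOINT, the CMD value is passed to entrypoint.sh as `$1`, and the rewritten script in this same commit only accepts `-s` and `-e`. A plain `docker run` of the image would therefore appear to land in the `*)` arm, print "Invalid parameter(s)" and exit 2 rather than run anything. If the intended default is a scan, `CMD ["-s"]` would say so; otherwise, dropping CMD makes the requirement for explicit flags visible.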
diff --git a/detect-secrets/entrypoint.sh b/detect-secrets/entrypoint.sh
index 1b946b7..0bbe5c0 100644
--- a/detect-secrets/entrypoint.sh
+++ b/detect-secrets/entrypoint.sh
@@ -1,21 +1,34 @@
 #!/bin/sh
 set -e
 
+OPT=""
+ENTROPY="4"
 while [ -n "$1" ]; do
 	case "$1" in
     	-s)
-			OUTPUT=`/usr/local/bin/detect-secrets scan`
-			echo ${OUTPUT} | jq
-			RESULT=`echo ${OUTPUT} | jq '.results | length == 0'`
-	        if [ "${RESULT}" = "true" ]; then
- 		       exit 0
-        	else
-		       exit 1
-    	    fi
-        ;;
-        *)
-        	exec /bin/sh
+			OPT="scan"
         ;;
+		-e)
+			shift
+			ENTROPY="$1"
+			;;
+		*)
+			echo "Invalid parameter(s)"
+			echo "Usage:"
+			echo "docker run --rm -v "${PWD}:/work" -w /work its-registry.unl.edu/unl-its/docker-ci/detect-secrets -s -e 3"
+			echo ""
+			exit 2
 	esac
 	shift
 done
+
+if [ ${OPT} = "scan" ]; then
+	OUTPUT=`/usr/local/bin/detect-secrets scan --base64-limit ${ENTROPY}`
+	echo ${OUTPUT} | jq
+	RESULT=`echo ${OUTPUT} | jq '.results | length == 0'`
+    if [ "${RESULT}" = "true" ]; then
+       exit 0
+   	else
+       exit 1
+    fi
+fi
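Review bot: The closing `if [ ${OPT} = "scan" ]` test is unquoted and has no `else`, so the script fails open when `-s` is missing. With only `-e 3`, or no arguments at all, OPT is empty, the test is malformed, the branch is skipped and the script ends with status 0 without having scanned. A CI job that omits `-s` then passes as if no secrets were found. Quote the variable and fail closed: `if [ "${OPT}" = "scan" ]; then`, plus an `else` branch that prints the usage text and runs `exit 2`. `${ENTROPY}` also reaches `--base64-limit` unquoted and unvalidated; quoting it and rejecting non-numeric values in the `-e)` arm would stop a malformed value from being split into extra options.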
diff --git a/examples/Detect-Secrets.md b/examples/Detect-Secrets.md
index 0ad75c9..42057ba 100644
--- a/examples/Detect-Secrets.md
+++ b/examples/Detect-Secrets.md
@@ -1,8 +1,17 @@
 # Secrets detection example
+
+## Parameters
+
+| Argument | Description		          |
+| :------- | :--------------------------- |
+| -s       | Scans the current directory  |
+| -e value | Entropy threshold (allowed randomness); Default value 4 |
+
+
 ## Detects secrets in the current project
 
 - One 'analysis' stage with one job
-  
+
 ``` yml
 stages:
   - analysis 
@@ -11,5 +20,5 @@ variables:
   tags:
     - docker
   script:
-    - docker run --rm -v "${PWD}:/work" -w /work its-registry.unl.edu/unl-its/docker-ci/detect-secrets -s
+    - docker run --rm -v "${PWD}:/work" -w /work its-registry.unl.edu/unl-its/docker-ci/detect-secrets -s -e 4.5
 ``` 
-- 
GitLab