Commit 3094f8d1 authored by Jose Raul Barreras's avatar Jose Raul Barreras

improve doc

parent c4ca4056
4 merge requests!34develop to master,!18sync dependency-check with secrets-detection,!17Resolve "Add Dependency Check",!16Resolve "Add Automated Secrets Detection"
...@@ -27,4 +27,4 @@ This file is automatically updated after execute `git commit` based on the conte ...@@ -27,4 +27,4 @@ This file is automatically updated after execute `git commit` based on the conte
- its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:python - its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:python
_Last update: Thu May 30 16:58:18 CDT 2019_ _Last update: Thu May 30 17:47:26 CDT 2019_
......
...@@ -20,7 +20,6 @@ RUN apk update && apk upgrade && \ ...@@ -20,7 +20,6 @@ RUN apk update && apk upgrade && \
COPY entrypoint.sh /usr/local/bin/ COPY entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/entrypoint.sh RUN chmod +x /usr/local/bin/entrypoint.sh
#ENTRYPOINT ["/usr/local/bin/detect-secrets"]
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["/usr/local/bin/detect-secrets", "scan"] CMD ["/usr/local/bin/detect-secrets"]
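Review bot: Whichever side of the `CMD` line is the new one, its arguments are handed to `entrypoint.sh` as `$1`, `$2`, and that script's `case` only accepts `-s` and `-e`, so a bare `docker run … detect-secrets` now hits the `*)` arm and exits 2 with "Invalid parameter(s)" instead of scanning. The old/new side of this line is not marked on the rendered page, so I infer it from the entrypoint hunk below. If the intent is that running the image with no arguments performs a scan, the default should be the flag the entrypoint understands, `CMD ["-s"]`, and the binary path left to the script; otherwise drop `CMD` so the usage message is the documented outcome. Either way a one-line comment above it, `# CMD supplies default flags to entrypoint.sh, not a command`, would stop the next person re-adding a path here.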
#!/bin/sh #!/bin/sh
set -e set -e
OPT=""
ENTROPY="4"
while [ -n "$1" ]; do while [ -n "$1" ]; do
case "$1" in case "$1" in
-s) -s)
OUTPUT=`/usr/local/bin/detect-secrets scan` OPT="scan"
echo ${OUTPUT} | jq
RESULT=`echo ${OUTPUT} | jq '.results | length == 0'`
if [ "${RESULT}" = "true" ]; then
exit 0
else
exit 1
fi
;;
*)
exec /bin/sh
;; ;;
-e)
shift
ENTROPY="$1"
;;
*)
echo "Invalid parameter(s)"
echo "Usage:"
echo "docker run --rm -v "${PWD}:/work" -w /work its-registry.unl.edu/unl-its/docker-ci/detect-secrets -s -e 3"
echo ""
exit 2
esac esac
shift shift
done done
if [ ${OPT} = "scan" ]; then
OUTPUT=`/usr/local/bin/detect-secrets scan --base64-limit ${ENTROPY}`
echo ${OUTPUT} | jq
RESULT=`echo ${OUTPUT} | jq '.results | length == 0'`
if [ "${RESULT}" = "true" ]; then
exit 0
else
exit 1
fi
fi
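Review bot: The script exits 0 without scanning whenever `-s` is absent, because the closing `if [ ${OPT} = "scan" ]` is just false (with `OPT` empty the unquoted test is also malformed, which prints an error but still does not fail), so a job that passes only `-e 4.5` clears the secrets gate having checked nothing — the one fail-open path in an otherwise `set -e` script. A missing or non-numeric `-e` value is not rejected either: `-e` as the last argument shifts `$1` to empty, and `--base64-limit ${ENTROPY}` unquoted lets a value containing spaces become extra detect-secrets arguments. `echo ${OUTPUT}` likewise word-splits and glob-expands the JSON against the mounted work dir before `jq` sees it. I would make "no scan requested" a hard error, validate `-e`, and quote every expansion; a comment noting that `-e` only tunes the Base64 plugin and leaves `--hex-limit` at its default would also keep the README's "entropy threshold" wording honest.
```shell
    -e)
      shift
      case "${1}" in
        ''|*[!0-9.]*) echo "Invalid -e value: '${1}'" >&2; exit 2 ;;
      esac
      ENTROPY="$1"
      ;;
# … unchanged: -s arm, usage arm, loop end …
# Fail closed: a run that never scanned must not report success.
if [ "${OPT}" != "scan" ]; then
  echo "No scan requested; pass -s" >&2
  exit 2
fi
# -e only tunes the Base64 plugin; --hex-limit keeps detect-secrets' default.
OUTPUT=$(/usr/local/bin/detect-secrets scan --base64-limit "${ENTROPY}")
printf '%s\n' "${OUTPUT}" | jq
RESULT=$(printf '%s\n' "${OUTPUT}" | jq '.results | length == 0')
if [ "${RESULT}" = "true" ]; then
  exit 0
else
  exit 1
fi
```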
# Secrets detection example # Secrets detection example
## Parameters
| Argument | Description |
| :------- | :--------------------------- |
| -s | Scans the current directory |
| -e value | Entropy threshold (allowed randomness); Default value 4 |
## Detects secrets in the current project ## Detects secrets in the current project
- One 'analysis' stage with one job - One 'analysis' stage with one job
``` yml ``` yml
stages: stages:
- analysis - analysis
...@@ -11,5 +20,5 @@ variables: ...@@ -11,5 +20,5 @@ variables:
tags: tags:
- docker - docker
script: script:
- docker run --rm -v "${PWD}:/work" -w /work its-registry.unl.edu/unl-its/docker-ci/detect-secrets -s - docker run --rm -v "${PWD}:/work" -w /work its-registry.unl.edu/unl-its/docker-ci/detect-secrets -s -e 4.5
``` ```