From 9b4066a6f9dd621bf336bf70029059d9ed312598 Mon Sep 17 00:00:00 2001
From: Jose Raul Barreras <barreras@unl.edu>
Date: Wed, 29 May 2019 17:41:27 -0500
Subject: [PATCH] add detect secrets

---
 Makefile                     |  9 ++++++++-
 detect-secrets/Dockerfile    | 26 ++++++++++++++++++++++++++
 detect-secrets/entrypoint.sh |  3 +++
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 detect-secrets/Dockerfile
 create mode 100644 detect-secrets/entrypoint.sh

diff --git a/Makefile b/Makefile
index eea00f8..4c20545 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ BUILD_ARGS := --build-arg VCS_REF=$(GIT_COMMIT)
 
 .PHONY: all clean test $(DOCKERFILES) static-code-analysis mobile delete_dangling_images security publish
 
-all: php-lint php-unit-test magento2 mobile static-code-analysis
+all: php-lint php-unit-test magento2 mobile static-code-analysis detect-secrets
 
 # Image Groups
 ####################
@@ -97,6 +97,13 @@ $(DOCKERFILES):
 	@docker run --rm -i nimmis/label-inspector lint < $(@D)/Dockerfile
 	@docker run --rm -i nimmis/label-inspector validate < $(@D)/Dockerfile
 
+
+# detect-secrets
+# ##############
+detect-secrets: detect-secrets/Dockerfile
+	docker build $(BUILD_ARGS) -t ${REPO_ORG}/detect-secrets detect-secrets/
+
+
 #IMAGES_TO_SCAN = $(shell docker images --format '{{.Repository}}:{{.Tag}}' | grep unl-its )
 #security:
 #	@docker login -u ${TENABLE_IO_ACCESS_KEY} -p ${TENABLE_IO_SECRET_KEY} registry.cloud.tenable.com
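Review bot: The new rule's only prerequisite is `detect-secrets/Dockerfile` (L34), yet the image also bakes in `detect-secrets/entrypoint.sh` via `COPY`, so edits to the entrypoint never make the target out of date; list both, e.g. `detect-secrets: detect-secrets/Dockerfile detect-secrets/entrypoint.sh`. Note also that `BUILD_ARGS` as visible on L18 only passes `VCS_REF`, while the new Dockerfile declares `ARG BUILD_DATE` and `ARG VERSION` — unless something outside this hunk appends them, `org.label-schema.build-date` will be stamped empty. Finally, the generic `$(DOCKERFILES)` rule (L28–L29) runs `label-inspector lint`/`validate` on each Dockerfile; the hand-written `detect-secrets` rule bypasses that check, so either add the directory to `DOCKERFILES` (defined outside this hunk) or repeat the two `label-inspector` lines here.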
diff --git a/detect-secrets/Dockerfile b/detect-secrets/Dockerfile
new file mode 100644
index 0000000..1c44f63
--- /dev/null
+++ b/detect-secrets/Dockerfile
@@ -0,0 +1,26 @@
+FROM python:3.7-alpine
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="Detects secrets" \
+      org.label-schema.description="Docker image to detect secrets in a code base" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version="0.1.0" \
+      org.label-schema.schema-version="1.0" \
+      maintainer="J.R. Barreras <barreras@unl.edu>"
+
+WORKDIR /work
+
+RUN apk update && apk upgrade && \
+    apk add --no-cache git && \
+	pip install detect-secrets
+
+COPY entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh
+#ENTRYPOINT ["/usr/local/bin/detect-secrets"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+CMD ["/usr/local/bin/detect-secrets", "scan"]
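Review bot: `pip install detect-secrets` on L65 is unpinned and unhashed, so every rebuild installs whatever is latest on PyPI into the image that is supposed to gate secrets out of the code base — a supply-chain exposure for a security tool; pin it, `pip install --no-cache-dir detect-secrets==<tested version>` (and ideally a hash-locked requirements file), and consider pinning the `python:3.7-alpine` base by digest for the same reason. The container also runs as root while the repository to be scanned is mounted into `/work`; add `RUN adduser -D scanner` and `USER scanner` before the `ENTRYPOINT` so a malicious file in a scanned tree cannot do more than read it. Minor: `ARG VERSION` is declared on L51 but the label on L57 hard-codes `"0.1.0"` — either use `org.label-schema.version=$VERSION` or drop the unused ARG, and `apk update` before `apk add --no-cache` leaves an index under `/var/cache/apk` that `--no-cache` alone does not remove.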
diff --git a/detect-secrets/entrypoint.sh b/detect-secrets/entrypoint.sh
new file mode 100644
index 0000000..f38dad9
--- /dev/null
+++ b/detect-secrets/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+PARAM=${2:-scan}
+/usr/local/bin/detect-secrets ${PARAM}
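Review bot: The entrypoint forwards only the second argument (`PARAM=${2:-scan}`, L80), so `docker run … audit .secrets.baseline` runs `detect-secrets .secrets.baseline` and any flag such as `--baseline` or `--all-files` is dropped; `$1` is skipped only because the Dockerfile's CMD passes the binary path as the first word, which is a fragile coupling, and the unquoted `${PARAM}` word-splits. Forward all arguments with `"$@"`, default to `scan` when none are given, and `exec` so the scanner runs as PID 1 and its exit code reaches CI unchanged; the CMD in the Dockerfile should then become `CMD ["scan"]`.
```sh
#!/bin/sh
set -eu
# No arguments: default to a scan of the mounted work tree.
[ "$#" -eq 0 ] && set -- scan
exec /usr/local/bin/detect-secrets "$@"
```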
-- 
GitLab