add detect secrets

Makefile

@@ -20,7 +20,7 @@ BUILD_ARGS := --build-arg VCS_REF=$(GIT_COMMIT)
 
 .PHONY: all clean test $(DOCKERFILES) static-code-analysis mobile delete_dangling_images security publish
 
-all: php-lint php-unit-test magento2 mobile static-code-analysis
+all: php-lint php-unit-test magento2 mobile static-code-analysis detect-secrets
 
 # Image Groups
 ####################
@@ -97,6 +97,13 @@ $(DOCKERFILES):
 	@docker run --rm -i nimmis/label-inspector lint < $(@D)/Dockerfile
 	@docker run --rm -i nimmis/label-inspector validate < $(@D)/Dockerfile
 
+
+# detect-secrets
+# ##############
+detect-secrets: detect-secrets/Dockerfile
+	docker build $(BUILD_ARGS) -t ${REPO_ORG}/detect-secrets detect-secrets/
+
+
 #IMAGES_TO_SCAN = $(shell docker images --format '{{.Repository}}:{{.Tag}}' | grep unl-its )
 #security:
 #	@docker login -u ${TENABLE_IO_ACCESS_KEY} -p ${TENABLE_IO_SECRET_KEY} registry.cloud.tenable.com

detect-secrets/Dockerfile

+FROM python:3.7-alpine
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="Detects secrets" \
+      org.label-schema.description="Docker image to detect secrets in a code base" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version="0.1.0" \
+      org.label-schema.schema-version="1.0" \
+      maintainer="J.R. Barreras <barreras@unl.edu>"
+
+WORKDIR /work
+
+RUN apk update && apk upgrade && \
+    apk add --no-cache git && \
+	pip install detect-secrets
+
+COPY entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh
+#ENTRYPOINT ["/usr/local/bin/detect-secrets"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+CMD ["/usr/local/bin/detect-secrets", "scan"]

detect-secrets/entrypoint.sh

+#!/bin/sh
+PARAM=${2:-scan}
+/usr/local/bin/detect-secrets ${PARAM}