Skip to content

Commit

Permalink
Merge pull request #75 from enamkhan/addDetectSecrets
Browse files Browse the repository at this point in the history
Added config for Detect Secrets
  • Loading branch information
ledina authored May 8, 2024
2 parents 5349fd2 + fd2b61c commit 8b826ea
Show file tree
Hide file tree
Showing 2 changed files with 127 additions and 0 deletions.
21 changes: 21 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# This is an example configuration to enable detect-secrets in the pre-commit hook.
# Add this file to the root folder of your repository.
#
# Read pre-commit hook framework https://pre-commit.com/ for more details about the structure of config yaml file and how git pre-commit would invoke each hook.
#
# This line indicates we will use the hook from ibm/detect-secrets to run scan during committing phase.
repos:
- repo: https://github.com/ibm/detect-secrets
# If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
# You are encouraged to use static refs such as tags, instead of branch name
#
# Running "pre-commit autoupdate" automatically updates rev to latest tag
rev: 0.13.1+ibm.61.dss
hooks:
- id: detect-secrets # pragma: whitelist secret
# Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
# You may also run `pre-commit run detect-secrets` to preview the scan result.
# when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
# when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
# add "--fail-on-unaudited" to fail pre-commit for unaudited potential secrets
args: [--baseline, .secrets.baseline, --use-all-plugins]
106 changes: 106 additions & 0 deletions .secrets.baseline
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
{
"exclude": {
"files": "^.secrets.baseline$",
"lines": null
},
"generated_at": "2024-05-03T14:24:02Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
},
{
"name": "ArtifactoryDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"base64_limit": 4.5,
"name": "Base64HighEntropyString"
},
{
"name": "BasicAuthDetector"
},
{
"name": "BoxDetector"
},
{
"name": "CloudantDetector"
},
{
"ghe_instance": "github.ibm.com",
"name": "GheDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"hex_limit": 3,
"name": "HexHighEntropyString"
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "JwtTokenDetector"
},
{
"keyword_exclude": null,
"name": "KeywordDetector"
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"results": {
".github/workflows/maven-build.yml": [
{
"hashed_secret": "87ddb19c18c56534a4011f47f38530f6df9a8a80",
"is_secret": false,
"is_verified": false,
"line_number": 21,
"type": "Secret Keyword",
"verified_result": null
}
],
".github/workflows/maven-scheduled-build.yml": [
{
"hashed_secret": "87ddb19c18c56534a4011f47f38530f6df9a8a80",
"is_secret": false,
"is_verified": false,
"line_number": 23,
"type": "Secret Keyword",
"verified_result": null
}
]
},
"version": "0.13.1+ibm.61.dss",
"word_list": {
"file": null,
"hash": null
}
}

0 comments on commit 8b826ea

Please sign in to comment.