Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(feat!) Security and Dockerize #1

Merged
merged 6 commits into from
Nov 29, 2024
Merged

(feat!) Security and Dockerize #1

merged 6 commits into from
Nov 29, 2024

Conversation

kameshsampath
Copy link
Contributor

  • RSA KeyPair Create
  • Update user's public key
  • Snowflake Config autogen
  • Dockerize config and bot
  • Add Warehouse creation
  • Handle /cleanup command

@kameshsampath
(fix): Setup User Keys
a67721f 
- WIP: reuse existing keys force = no
@kameshsampath
(refactor): remove streamlit
7ee8a84
@kameshsampath
(fix): working with existing keys
ce2ff48 
- use SHA256 hashed base64 fingerprints
- move log noise to debug
- load public key
@kameshsampath
(feat!): dockerized
c5e5a0b
@kameshsampath
(docs): WIP README
97985f4
@kameshsampath
(workflow): add images
140b4aa
@gitguardian GitGuardian
Copy link

gitguardian bot commented Nov 29, 2024

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
14676153 Triggered Generic Password a67721f src/tests/test_rsa_keypair_generator.py View secret
🛠 Guidelines to remediate hardcoded secrets

The above secret(s) have been detected in your PR. Please take an appropriate action for each secret:

  • If it’s a true positive, remove the secret from source code, revoke it and migrate to a secure way of storing and accessing secrets (see http://go/secrets-and-code). Once that’s done, go to the incidents page linked in the “GitGuardian id” column (log in using SnowBiz Okta) and resolve the incident.
  • If it’s a false positive, go to the incidents page linked in the “GitGuardian id” column (log in using SnowBiz Okta) and ignore the incident.
  • If you didn't add this secret - and only then - you may ignore this check as it's non-blocking. If you did add the secret and you ignore this check, you'll be assigned a "Security Finding" ticket in Jira in a few days.

Note:

  • A secret is considered leaked from the moment it touches GitHub. Rewriting git history by force pushing or other means is not necessary and doesn’t change the fact that the secret has to be revoked.
  • This check has a “Skip: false positive” button. Don’t use it. It will mark all detected secrets as false positives but only in the context of this specific run - it won’t remember this action in subsequent check runs.

If you encounter any problems you can reach out to us on Slack: #gitguardian-secret-scanning-help

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@kameshsampath kameshsampath merged commit a769322 into main Nov 29, 2024
1 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kameshsampath