Lab 3 Submission Nikita Timofeev#429

Open
MoriSummerz wants to merge 7 commits into inno-devops-labs:main from MoriSummerz:feature/lab3
@MoriSummerz

Lab 3 — Secure Git Practices Implementation

Goal

This PR implements secure Git fundamentals for Lab 3, including SSH commit signing and automated pre-commit secret scanning. The goal is to establish cryptographic verification of commit authenticity and prevent accidental exposure of secrets in the repository.

Changes

  • Configured SSH commit signing with ed25519 key
  • Implemented pre-commit hook for automated secret scanning
  • Added dual-scanner approach using TruffleHog and Gitleaks via Docker
  • Created comprehensive documentation in labs/submission3.md
  • Configured selective scanning to exclude lectures/ directory (educational content)

Testing

Task 1: SSH Commit Signing

# Verified Git configuration
git config --get user.signingkey
git config --get commit.gpgsign
git config --get gpg.format

# Created signed commit
git commit -S -m "docs: add commit signing summary"

# Verified signature
git log --show-signature -1

Task 2: Pre-commit Secret Scanning

# Test 1: Blocked commit with secrets
echo "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE" > test-secret.txt
git add test-secret.txt
git commit -m "test: add secret"
# Result: ✅ Commit blocked by both TruffleHog and Gitleaks

# Test 2: Allowed commit without secrets
echo "# Clean documentation" > docs/notes.md
git add docs/notes.md
git commit -m "docs: add notes"
# Result: ✅ Commit allowed

# Test 3: Educational content exception
echo "API_KEY=secret123" > lectures/example-secret.txt
git add lectures/example-secret.txt
git commit -m "docs: add security example"
# Result: ✅ Commit allowed with warning (lectures/ directory excluded)

Artifacts & Screenshots

SSH Commit Configuration

user.signingkey=/Users/morisummer/.ssh/id_ed25519.pub
commit.gpgsign=true
gpg.format=ssh
user.email=timofeevnikita111@gmail.com

Pre-commit Hook

  • Location: .git/hooks/pre-commit
  • Permissions: -rwxr-xr-x (executable)
  • Scanners: TruffleHog + Gitleaks (Docker-based)
  • Lines of code: 103 lines

Recent Commits

9e9cf55 docs: add commit signing summary [Signed]
503673d Merge pull request #1 from MoriSummerz/feature/lab1
992059b docs(lab1): add submission1 triage report

Secret Detection Output Examples

Blocked Commit:

[pre-commit] ✖ TruffleHog detected potential secrets in non-lectures files
✖ COMMIT BLOCKED: Secrets detected in non-excluded files.

Successful Commit:

[pre-commit] ✓ TruffleHog found no secrets in non-lectures files
✓ No secrets detected in non-excluded files; proceeding with commit.

Checklist

  • Task 1 done — SSH commit signing setup
  • Task 2 done — Pre-commit secrets scanning setup
  • PR title is clear and descriptive
  • Documentation updated if needed
  • No secrets or large temporary files committed
  • File labs/submission3.md contains required analysis for both tasks
  • At least one commit shows "Verified" (signed via SSH) on GitHub
  • Local .git/hooks/pre-commit runs TruffleHog and Gitleaks via Docker
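
The selective-scanning decision exercised in Tests 1-3 above, as an added sketch that is not the hook from this PR: staged paths under lectures/ are skipped with a warning and every other path is checked from the index. All function names and `EXCLUDE_PREFIX` are hypothetical, and `has_secret` is a grep stand-in for the TruffleHog and Gitleaks Docker runs.

```shell
#!/bin/sh
# Added sketch, not the hook from this PR. All function names are hypothetical.
EXCLUDE_PREFIX="lectures/"   # assumption: the only excluded directory

# Read newline-separated staged paths on stdin and print those that must be scanned.
# The match is anchored at the start of the path, so "docs/lectures/x" and
# "lectures-old/x" are still scanned.
paths_to_scan() {
  while IFS= read -r path; do
    [ -z "$path" ] && continue
    case "$path" in
      "$EXCLUDE_PREFIX"*) printf '[pre-commit] warning: %s not scanned\n' "$path" >&2 ;;
      *) printf '%s\n' "$path" ;;
    esac
  done
}

# Stand-in detector (assumption): exit 0 when stdin contains an AWS access key ID
# shape. A real hook would pipe to TruffleHog and Gitleaks here instead.
has_secret() { grep -Eq 'AKIA[0-9A-Z]{16}'; }

# Print the staged blob from the index, so the scan sees what will be committed
# rather than the working-tree copy.
staged_content() { git show ":$1"; }

# $1 names a command that prints a path's content; paths arrive on stdin.
# Returns 1 (block the commit) if any non-excluded path has a finding.
check_paths() {
  paths_to_scan | (
    blocked=0
    while IFS= read -r path; do
      if "$1" "$path" </dev/null | has_secret; then
        printf '[pre-commit] finding in %s\n' "$path" >&2
        blocked=1
      fi
    done
    exit "$blocked"
  )
}

# Hook usage:
#   git diff --cached --name-only --diff-filter=ACM | check_paths staged_content || exit 1
```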
