Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret detection capability #206

Draft
wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

Secret detection capability #206

wants to merge 6 commits into from

Conversation

slashben
Copy link
Contributor

Overview

A capability that finds secrets (private key, tokens and other credential materials) in the container image and publishes it in the scan results.

Checklist before requesting a review

put an [x] in the box to get it checked

  • My code follows the style guidelines of this project
  • I have commented on my code, particularly in hard-to-understand areas
  • I have performed a self-review of my code
  • If it is a core feature, I have added thorough tests.
  • New and existing unit tests pass locally with my changes

@github-actions GitHub Actions
Copy link

Summary:

  • License scan: failure
  • Credentials scan: failure
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: success

matthyx and others added 5 commits January 24, 2024 13:12
@matthyx
update to latest syft and grype
06baaad 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
@matthyx
add test with schema v1 image to validate fix
279d8fa 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
@matthyx
use stereoscope fork to support maxImageSize
848a94b 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
@matthyx
clean temp dir after SBOM generation
d322bd3 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
@slashben @matthyx
Initial commit of the secret detection package
a4536c6 
Signed-off-by: Ben <ben@armosec.io>
@github-actions GitHub Actions
Copy link

Summary:

  • License scan: failure
  • Credentials scan: failure
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: success

@matthyx
use fileresolver to access image layers
397ce6a 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
@github-actions GitHub Actions
Copy link

Summary:

  • License scan: failure
  • Credentials scan: failure
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: success

slashben
slashben commented Jan 25, 2024
View reviewed changes
adapters/v1/syft.go
Comment on lines +151 to +154
fileDetectionConfig := &secretdetector.FileDetectionConfig{
SkipBinaryFiles: false,
SizeThreshold: 0,
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd set SkipBinaryFiles to true in the first release. We need to make the scanning more efficient before we turn this on

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@slashben @matthyx