Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test do not merge #6

Closed
wants to merge 13 commits into from
Closed

Test do not merge #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
3c87c1f
Added custom semgrep rule
ArisBee Sep 23, 2024
2535177
Fixed semgrep config issue
ArisBee Sep 23, 2024
8f69743
Added issue
ArisBee Sep 23, 2024
81f4363
Added hash leak
ArisBee Sep 23, 2024
aefe91b
Fix
ArisBee Sep 23, 2024
6fb8799
Test
ArisBee Sep 23, 2024
ef9f939
Test
ArisBee Sep 23, 2024
accad4a
Fixed GHA
ArisBee Sep 23, 2024
1517820
Fixed GHA
ArisBee Sep 23, 2024
a7500e7
Fixed GHA
ArisBee Sep 23, 2024
be9ee3a
Fixed GHA
ArisBee Sep 23, 2024
89431f3
Fixed GHA
ArisBee Sep 23, 2024
b9a1276
Fixed GHA
ArisBee Sep 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 4 additions & 15 deletions .github/workflows/detect-secrets.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,6 @@ name: Detect Secrets Scan
on:
workflow_dispatch:
pull_request:
env:
exclude: ''

permissions:
contents: read
Expand All @@ -23,22 +21,13 @@ jobs:
run: chown root:root .
- name: Install detect-secrets
run: pip install detect-secrets
- name: Set --exclude-files arguments
if: ${{ env.exclude }} != ''
shell: bash
run: |
# Use a loop to parse the values in the exclude input and build the desired string
exclude_args=""
IFS=' ' read -a arr <<< $exclude
for ex in "${arr[@]}"
do
exclude_args="${exclude_args} --exclude-files '${ex}'"
done
echo "exclude_args=${exclude_args}" >> $GITHUB_ENV
- name: Run detect-secrets-hook
shell: bash
run: |
detect-secrets-hook --baseline .secrets.baseline ${{ env.exclude_args }} * --json > /tmp/secrets.json
git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline * --json > /tmp/secrets.json
- name: Show detect-secrets output
if: success() || failure()
run: cat /tmp/secrets.json
- name: Show detect-secrets differences
if: ${{ failure() }}
run: git diff
5 changes: 2 additions & 3 deletions .github/workflows/semgrep.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
workflow_dispatch:
pull_request:
env:
configs: "p/ci p/security-audit p/owasp-top-ten"
configs: "rules/ p/ci p/security-audit p/owasp-top-ten"

permissions:
contents: read
Expand Down Expand Up @@ -35,8 +35,7 @@ jobs:
SEMGREP_SEND_METRICS: off
shell: bash
run: |
set +o pipefail
semgrep scan . --gitlab-sast -o /tmp/semgrep.json
semgrep scan . --error --gitlab-sast -o /tmp/semgrep.json
- name: Show Semgrep report
if: success() || failure()
run: cat /tmp/semgrep.json
30 changes: 16 additions & 14 deletions .pre-commit-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,24 @@
repos:
- repo: https://github.com/semgrep/semgrep
rev: "v1.86.0"
rev: '768d0f4c3ccb4b1740eef22bbbd57fc936450df2' # frozen: v1.84.1
hooks:
- id: semgrep
args:
[
"--config",
"p/ci",
"--error",
"--skip-unknown-extensions",
"--metrics",
"off",
]
stages: [pre-push]
- --config
- 'rules/ p/ci'
- --error
- --skip-unknown-extensions
- --metrics
- 'off'
stages:
- pre-push
- repo: https://github.com/Yelp/detect-secrets
rev: v1.5.0
rev: '68e8b45440415753fff70a312ece8da92ba85b4a' # frozen: v1.5.0
hooks:
- id: detect-secrets
stages: [pre-commit]
args: ["--baseline", ".secrets.baseline"]
exclude: yarn.lock
args:
- --baseline
- .secrets.baseline
stages:
- pre-commit
exclude: package-lock.json
27 changes: 24 additions & 3 deletions .secrets.baseline
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"version": "1.4.0",
"version": "1.5.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
Expand Down Expand Up @@ -75,6 +75,10 @@
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_baseline_file",
"filename": ".secrets.baseline"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
Expand Down Expand Up @@ -107,6 +111,23 @@
"path": "detect_secrets.filters.heuristic.is_templated_secret"
}
],
"results": {},
"generated_at": "2024-09-11T10:26:17Z"
"results": {
".pre-commit-config.yaml": [
{
"type": "Hex High Entropy String",
"filename": ".pre-commit-config.yaml",
"hashed_secret": "23414c22063b86dd91d7570689f2da10d72ec4f8",
"is_verified": false,
"line_number": 3
},
{
"type": "Hex High Entropy String",
"filename": ".pre-commit-config.yaml",
"hashed_secret": "86242b7a7b67c1fd83514757a6b319602d648e94",
"is_verified": false,
"line_number": 16
}
]
},
"generated_at": "2024-09-23T17:27:01Z"
}
108 changes: 54 additions & 54 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
"start": "next start"
},
"dependencies": {
"next": "latest",
"react": "18.2.0",
"react-dom": "18.2.0"
"next": "^14.2.9",
"react": "^18.3.1",
"react-dom": "^18.3.1"
},
"engines": {
"node": ">=18"
Expand Down
Loading
Loading