-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
17 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| * @globis-org/gdp-gsirt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,16 @@ | ||
| # secrets-scan | ||
| # org-secrets-scan | ||
| `aquasecurity/trivy`を使用して秘匿情報を検出し。Pull Request にコメントを追加します。 | ||
|
|
||
| この workflow は [Required workflows](https://docs.github.com/ja/actions/using-workflows/required-workflows) の機能を用いて GLOBIS Organization 配下の全てのリポジトリで動作されることを前提としています。 | ||
|
|
||
|  | ||
|
|
||
|
|
||
| ## カスタマイズ | ||
| 必要に応じて、各リポジトリのルートディレクトリに `trivy-secret.yaml` を配置することで検知ルールの追加や検知対象から外すことができます。 | ||
|
|
||
| 詳細は [公式ドキュメント](https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#configuration) を参考にしてください | ||
|
|
||
| `trivy-secret.yaml` が意図したように動くかはローカル環境で動作確認することが可能です。 | ||
|
|
||
| trivy のインストール方法については [こちら](https://aquasecurity.github.io/trivy/v0.48/getting-started/installation/) を参考にしてください。 |