diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 19d649b5..c4bea946 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -69,3 +69,10 @@ Due to legal reasons, contributors will be asked to accept a DCO before they submit the first pull request to this projects, this happens in an automated fashion during the submission process. SAP uses [the standard DCO text of the Linux Foundation](https://developercertificate.org/). + + +### Contributing with AI-generated code + +As artificial intelligence evolves, AI-generated code is becoming valuable for many software projects, including open-source initiatives. While we recognize the potential benefits of incorporating AI-generated content into our open-source projects there a certain requirements that need to be reflected and adhered to when making contributions. + +Please see SAP's [guideline for AI-generated code contributions to SAP Open Source Software Projects](https://github.com/SAP/.github/blob/main/CONTRIBUTING_USING_GENAI.md) for these requirements. diff --git a/README.md b/README.md index 8f49118b..43af0957 100644 --- a/README.md +++ b/README.md @@ -246,6 +246,7 @@ Credential Digger also offers a simple CLI to scan a repository. The CLI support Refer to the [Wiki](https://github.com/SAP/credential-digger/wiki) for all the supported commands and their usage. + ## Micosoft Visual Studio Plugin VS Code extension for project "Credential Digger" is a free IDE extension that let you detect secrets and credentials in your code before they get leaked! Like a spell checker, the extension scans your files using the Credential Digger and highlights the secrets as you write code, so you can fix them before the code is even committed. 
@@ -254,32 +255,27 @@ The VS Code extension can be donwloaded from the [Microsoft VS Code Marketplace] ![VSCODE](https://github.com/SAP/credential-digger/blob/main/github_assets/credential-digger-how-it-works.gif) + ## pre-commit hook Credential Digger can be used with the [pre-commit](https://pre-commit.com/) framework to scan staged files before each commit. Please, refer to the [Wiki page of the pre-commit hook](https://github.com/SAP/credential-digger/wiki/pre-commit-hook) for further information on its installation and execution. -## CI/CD Pipeline Intergation on Piper + +## CI/CD Pipeline Intergation on Piper (SAP Jenkins Library) ![Piper](https://github.com/SAP/credential-digger/blob/main/github_assets/piper.png) Credential Digger is intergrated with the continuous delivery CI/CD pipeline [Piper](https://www.project-piper.io/) in order to automate secrets scans for your Github projects and repositories. In order to activate the Credential Diggger Step please refer to this [Credential Digger step documentation for Piper](https://www.project-piper.io/steps/credentialdiggerScan/) -### How Piper works with Jenkins - -- Once the step for credentialdigger is reached, its docker image is downloaded from the internal SAP registry. (A public instance will be avaialble soon) -- Jenkins runs this container and runs a scan using credentialdigger, based on the step configuration. Indeed, the step supports full scan of a repo, scan of a snapshot and scan of a pull request. It is also supporting orchestrators. -- The result of the scan (an excel file) is stored in Jenkins workspace as an output artifact -- Jenkins destroys the container after the scan - -There is no need to deploy or install a Credential Digger instance !! ## Wiki For further information, please refer to the [Wiki](https://github.com/SAP/credential-digger/wiki) + ## Contributing We invite your participation to the project through issues and pull requests. 
Please refer to the [Contributing guidelines](https://github.com/SAP/credential-digger/blob/main/CONTRIBUTING.md) for how to contribute. diff --git a/pyproject.toml b/pyproject.toml index 8353068d..fbef0665 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = 'setuptools.build_meta' [project] name = 'credentialdigger' -version = '4.14.3' +version = '4.14.4' dynamic = ['dependencies'] authors = [ {name = 'SAP SE'} diff --git a/requirements.txt b/requirements.txt index 41df5f62..bf25f03c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,7 @@ psycopg2-binary PyGithub python-dotenv pyyaml -rich~=13.7 +rich~=13.8 srsly>=2.4.0 tensorflow==2.17.0; python_version > "3.8" tensorflow==2.13.1; python_version <= "3.8" diff --git a/tests/tests-requirements.txt b/tests/tests-requirements.txt index 4e2e7fd6..a7f1850d 100644 --- a/tests/tests-requirements.txt +++ b/tests/tests-requirements.txt @@ -1,2 +1,2 @@ parameterized~=0.9.0 -pytest~=8.3.1 \ No newline at end of file +pytest~=8.3.2 \ No newline at end of file
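Review bot: In the CONTRIBUTING.md hunk, the added paragraph under "### Contributing with AI-generated code" has a grammar slip: "there a certain requirements" should read "there are certain requirements", and a comma is missing after "into our open-source projects". The hunk also adds two blank lines above the new heading where one is enough.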
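Review bot: In the first README.md hunk (@@ -246,6 +246,7), the blank line is added directly above "## Micosoft Visual Studio Plugin" but the misspelled heading is left as context. Since the patch already touches this spot, correct it to "Microsoft" in the same change.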
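Review bot: In the second README.md hunk (@@ -254,32 +255,27), deleting the "How Piper works with Jenkins" section drops the statement that the scan result (an excel file) is stored in the Jenkins workspace as an output artifact and that the container is destroyed after the scan. That is the information a user needs to know where findings end up and who can read them, so keep a one-line pointer unless the linked Piper step documentation already states it. The renamed heading "+## CI/CD Pipeline Intergation on Piper (SAP Jenkins Library)" also carries over the "Intergation" misspelling; make it "Integration".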
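Review bot: In the requirements.txt hunk, "rich~=13.7" already permits every 13.x release from 13.7 upward, so changing it to "rich~=13.8" only raises the minimum version. State in the commit message why 13.8 is required, or leave the specifier alone. The neighbouring context lines (psycopg2-binary, PyGithub, python-dotenv, pyyaml) carry no version constraint at all, which is worth a follow-up if reproducible installs matter for this scanner.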
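Review bot: In the tests/tests-requirements.txt hunk, the new "pytest~=8.3.2" line is still followed by "\ No newline at end of file". Add a trailing newline while this line is being changed, so that a later append to the file shows up as a one-line diff.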