Scan committed code for well-known and custom credentials and secrets across all your repositories.
✨ View this skill in the Atomist Skills Catalog to enable this skill on your repositories. ✨
See the Atomist website for general information about Atomist Skills and the Atomist documentation site for instructions on how to get started using Atomist Skills.
github-secret-scanner-skill
can be executed against a locally cloned
repository or directory using the following command:
$ docker run -it -v $(pwd):/atm/home atomist/github-secret-scanner-skill scan
This will scan the local directory and write a secrets.json
file with detected
secrets and their location. If secrets are found, the command exits with 1
;
otherwise with 0
.
Use the following command to obtain help for the scan command:
$ docker run -it atomist/github-secret-scanner-skill scan --help
Contributions to this project from community members are encouraged and appreciated. Please review the Contributing Guidelines for more information. Also see the Development section in this document.
This project is governed by the Code of Conduct. You are expected to act in accordance with this code by participating. Please report any unacceptable behavior to code-of-conduct@atomist.com.
Follow @atomist on Twitter and The Atomist Blog.
General support questions should be discussed in the #help
channel in the
Atomist community Slack workspace.
If you find a problem, please create an issue.
You will need to install Node.js to build and test this project.
Install dependencies.
$ npm ci
Use the build
package script to compile, test, lint, and build the
documentation.
$ npm run build
Releases are created by pushing a release semantic version tag to the repository, Atomist Skills take care of the rest.
To make this skill globally available, set its maturity to "stable" via the set maturity drop-down in its Atomist Community Slack channel.
Created by Atomist. Need Help? Join our Slack workspace.