chore: add secret scanning to CICD and pre-commits (#4720)

snyk · Jun 29, 2023 · 39cda18 · 39cda18
1 parent 853622b
commit 39cda18
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -9,6 +9,8 @@ orbs:
   gh: circleci/github-cli@2.1.0
   # https://circleci.com/developer/orbs/orb/circleci/go
   go: circleci/go@1.7.1
+  # https://github.com/snyk/prodsec-orb
+  prodsec: snyk/prodsec-orb@1.0
 
 parameters:
   aws_version:
@@ -845,6 +847,11 @@ workflows:
     jobs:
       - build:
           name: Build
+      - prodsec/secrets-scan:
+          name: Scan repository for secrets
+          context:
+            - snyk-bot-slack
+          channel: hammerhead-alerts
       - test-jest:
           filters:
             branches:

diff --git a/.gitleaksignore b/.gitleaksignore
@@ -0,0 +1,79 @@
+# add false positives here
+
+650613a000fb704abddedd70780bc45a1f9b3829:test/fixtures/sast/sample-analyze-folders-with-report-and-ignores-only-response.json:generic-api-key:4
+047d6679bbe0ef64353edc53a421adf6567b6a9f:test/fixtures/sast/sample-analyze-folders-with-report-and-ignores-response.json:generic-api-key:4
+0dfa5118696eaff76a734bdd2dd6a4521b26a88d:test/fixtures/sast/sample-analyze-folders-with-report-and-ignores-response.json:generic-api-key:4
+8544c0610f94e4633dbb416b53e0400e2939024b:test/acceptance/fake-server.ts:generic-api-key:466
+72c565df4688e811b6d947078a3ceb2e990b3dcb:test/fixtures/fake-server/localhost-valid.key:private-key:1
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/acceptance/iac/describe.spec.ts:aws-access-token:181
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/acceptance/iac/describe.spec.ts:aws-access-token:186
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:48
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:67
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:68
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.console:aws-access-token:69
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:35
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:93
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:100
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:107
+2fc21745efe0017f633841d7a43ef5589cad0e8e:test/jest/unit/lib/iac/fixtures/alldeep.json:aws-access-token:284
+5fc7674c7c9aae0229736260c18ed6f89ce05c60:test/fixtures/fake-server/localhost-expired.key:private-key:1
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/fixtures/iac/drift/analysis.json:aws-access-token:17
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/fixtures/iac/drift/analysis.json:aws-access-token:41
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/fixtures/iac/drift/analysis.json:aws-access-token:48
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/acceptance/iac/update-exclude-policy.spec.ts:aws-access-token:62
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/acceptance/iac/update-exclude-policy.spec.ts:aws-access-token:64
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:349
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:351
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:364
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:366
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:378
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:380
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:399
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:401
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:416
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:430
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:444
+69b5266fe2f84d7ab544392e72313a39fa66e33b:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:446
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/fixtures/iac/drift/output/output.json:aws-access-token:17
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/fixtures/iac/drift/output/output.json:aws-access-token:41
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/fixtures/iac/drift/output/output.json:aws-access-token:48
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/fixtures/driftctl-analysis.json:aws-access-token:17
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/fixtures/driftctl-analysis.json:aws-access-token:41
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/fixtures/driftctl-analysis.json:aws-access-token:48
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:179
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:186
+894ae8d635384c138d22b3ffbe287dbc87780d52:test/jest/unit/lib/iac/drift.spec.ts:aws-access-token:202
+747ff52750a3f3460b42823ac96aab5829aae485:test/acceptance/fake-server.ts:generic-api-key:465
+947f1d6024bfd3b31be8f7d3c675d2d3baa60470:test/jest/unit/lib/ecosystems/resolve-monitor.facts.spec.ts:jwt:12
+bfa6493800fdef7915eaecdd200a5a31ba6aff5c:test/fixtures/sast/sample-analyze-folders-response.json:generic-api-key:4
+d21cff7d7b100b4b9d999d5dfefda023d1780eb5:test/jest/unit/lib/ecosystems/resolve-test-facts.spec.ts:jwt:10
+1b65935bc7c69b1029d7c63808af211ae6030c98:test/fixtures/sast/shallow_sast_webgoat/DeserializeTest.java:generic-api-key:82
+1b65935bc7c69b1029d7c63808af211ae6030c98:test/fixtures/sast/shallow_sast_webgoat/JWTRefreshEndpoint.java:generic-api-key:48
+1b65935bc7c69b1029d7c63808af211ae6030c98:test/fixtures/sast/shallow_sast_webgoat/JWTRefreshEndpoint.java:generic-api-key:49
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/expected-parser-results/full-scan/tf-plan-update.resources.json:aws-access-token:93
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/expected-parser-results/full-scan/tf-plan-no-op.resources.json:aws-access-token:107
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/expected-parser-results/full-scan/tf-plan-no-op.resources.json:aws-access-token:129
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-create.json:aws-access-token:663
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:182
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:228
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:561
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:591
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-destroy.json:aws-access-token:751
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:135
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:403
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:413
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-update.json:aws-access-token:536
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:135
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:165
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:570
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:594
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:647
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:669
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:1113
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:1143
+ac6208df74be9a21f2d14caaaee8aec98195b336:test/fixtures/iac/terraform-plan/tf-plan-no-op.json:aws-access-token:1303
+67512541c7a706d214ccb13a26c09445cde7934e:test/cli-alert/src/index.ts:generic-api-key:89
+872e472bf1bf1aca3dfde5f13d2c89212aa64131:test/fixtures/sast/sample-analyze-folders-response.json:generic-api-key:3
+cba65a3a91c64db2ee92c87e5972602b6c959586:test/fixtures/sast/sample-analyze-folders-response.json:generic-api-key:3
+6380d9d4147491cadee99113701516ebb8242836:src/cli/commands/test/iac-local-execution/parsers/hcl2json.js:generic-api-key:9827
+c2de35484dcad696a6ee32f2fa317d5cfaffc133:test/fixtures/code/sample-analyze-folders-response.json:generic-api-key:3
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.17.0
+    hooks:
+      - id: gitleaks