Merge pull request #100 from NASA-AMMOS/riverma-patch-1

Update Detect Secrets write-up to disable AbsolutePathDetectorExperimental plugin for now
NASA-AMMOS · Aug 29, 2023 · b888dba · b888dba
2 parents 2b676b3 + a60e3ba
commit b888dba
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/docs/guides/software-lifecycle/security/secrets-detection/README.md b/docs/guides/software-lifecycle/security/secrets-detection/README.md
@@ -120,7 +120,7 @@ pip install git+https://github.com/NASA-AMMOS/slim-detect-secrets.git@exp
 
 2. Scan all local files from current directory and output the result as a baseline file
 ```bash
-detect-secrets scan ./ --all-files --exclude-files '.secrets.*' --exclude-files '.git*' > .secrets.baseline
+detect-secrets scan ./ --all-files --disable-plugin AbsolutePathDetectorExperimental --exclude-files '.secrets.*' --exclude-files '.git*' > .secrets.baseline
 ```
 Here it scans all the local files from current directory, but excludes `.git` directory and `.secrets` baseline files from scanning to reduce false positive. Make modifications when necessary.
 
@@ -323,7 +323,7 @@ jobs:
           cp .secrets.baseline .secrets.new
 
           # find the secrets in the repository
-          detect-secrets scan --baseline .secrets.new --exclude-files '.secrets.*' --exclude-files '.git*'
+          detect-secrets scan --disable-plugin AbsolutePathDetectorExperimental --baseline .secrets.new --exclude-files '.secrets.*' --exclude-files '.git*'
 
           # if there is any difference between the known and newly detected secrets, break the build
           # Function to compare secrets without listing them
@@ -434,4 +434,4 @@ sequenceDiagram
 
 Check out
 1. [detect-secrets](https://github.com/Yelp/detect-secrets)
-2. [pre-commit](https://pre-commit.com/)
+2. [pre-commit](https://pre-commit.com/)