From fadf55e983322615b70050595a8b78c631d02d9a Mon Sep 17 00:00:00 2001
From: Jingchao Zhong <92573736+perryzjc@users.noreply.github.com>
Date: Thu, 11 May 2023 17:05:57 -0700
Subject: [PATCH] Issue NASA-AMMOS#89: Update documentation for detect-secrets
Configuration files (yaml, baseline file, and plugins) are stored at another repository:
https://github.com/NASA-AMMOS/slim-config-detect-secrets
---
continuous-testing/starter-kits/README.md | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/continuous-testing/starter-kits/README.md b/continuous-testing/starter-kits/README.md
index d975e2c63..728f5625b 100644
--- a/continuous-testing/starter-kits/README.md
+++ b/continuous-testing/starter-kits/README.md
@@ -315,13 +315,14 @@ sequenceDiagram
L3->>DS: Scan for Secrets
alt Secrets Detected in L3
DS-->>Dev: Secrets Detected
+ Note over Dev: Manually check the file for same type of secrets
Dev->>L1: Use Auditing Feature to Identify Files for Cleaning
Dev->>Dev: Clean Commit History
- Note over Dev: If a secret has already been committed, visit:
https://help.github.com/articles/removing-sensitive-data-from-a-repository
+ Note over Dev: If a secret has already been committed, refer:
https://help.github.com/articles/removing-sensitive-data-from-a-repository
Dev->>L2: Set Up Git Commit Scan
- Note over Dev, L2: Minimize the chance of pushing secrets
Easier to clean local files than GitHub commit history
- Dev->>L1: Involve Full Scan & Audit in Each Stage
- Note over Dev, L1: Helps generate, update or analyze baseline file for L2 and L3
+ Note over Dev, L2: Minimizes chances of pushing secrets
Easier to clean local files than GitHub commit history
+ Dev->>L1: Use Full Scan & Audit at Each Stage
+ Note over Dev, L1: Assists in generating, updating or analyzing baseline file for L2 and L3
Dev->>L3: Retry Push/Merge to Main Branch
else No Secrets Detected
DS-->>GH: No Secrets Detected