
added test files to detect-secrets and audited the secrets
Signed-off-by: Savvas Kyriacou <[email protected]>
KirbyKatcher committed Jun 3, 2024
1 parent 4104b40 commit 4d3469d
Showing 2 changed files with 11 additions and 3 deletions.
4 changes: 2 additions & 2 deletions .secrets.baseline
@@ -1,9 +1,9 @@
{
"exclude": {
"files": ".*/src/test/.*|^.secrets.baseline$",
"files": "^.secrets.baseline$",
"lines": null
},
"generated_at": "2024-05-31T12:57:28Z",
"generated_at": "2024-06-03T10:11:05Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
10 changes: 9 additions & 1 deletion build-locally.sh
Expand Up @@ -210,7 +210,7 @@ function displayCouchDbCodeCoverage {
function check_secrets {
h2 "updating secrets baseline"
cd ${BASEDIR}
detect-secrets scan --exclude-files '.*/src/test/.*' --update .secrets.baseline
detect-secrets scan --update .secrets.baseline
rc=$?
check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly"
success "updated secrets file"
Expand All @@ -219,6 +219,14 @@ function check_secrets {
detect-secrets audit .secrets.baseline
rc=$?
check_exit_code $rc "Failed to audit detect-secrets."

#Check all secrets have been audited
secrets=$(grep -c hashed_secret .secrets.baseline)
audits=$(grep -c is_secret .secrets.baseline)
if [[ "$secrets" != "$audits" ]]; then
error "Not all secrets found have been audited"
exit 1
fi
success "secrets audit complete"
}

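Review bot: The `secrets`/`audits` count comparison in the second hunk only confirms that every finding carries an `is_secret` decision; a finding the auditor marked as a real secret (`"is_secret": true`) is counted as audited and passes the gate, so the build still succeeds with a confirmed secret in the tree. If the intent is to block on confirmed secrets as well as on unaudited ones, add a second check after the existing one, e.g. `real=$(grep -c '"is_secret": true' .secrets.baseline)` followed by `if (( real > 0 )); then error "Baseline contains secrets audited as real"; exit 1; fi`. The substring counts also depend on `hashed_secret` and `is_secret` never appearing elsewhere in the baseline; since the file is JSON, a `jq` query over `.results` would be less fragile than `grep -c`, and `grep -c` returning exit status 1 on zero matches is worth a comment so a future `set -e` does not turn an empty baseline into a failure. check_secrets opens in the previous hunk and its body spans both hunks.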
