diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 5f16d22..9364b90 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -23,7 +23,22 @@ jobs:
 uses: actions/checkout@v1
 - name: Run tests
 run: make test
-
+ detectsecrets:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Python
+ uses: actions/setup-python/@v4
+ with:
+ python-version: 3.11
+ - name: Install Detect Secrets
+ run: |
+ python -m pip install --upgrade pip
+ pip install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+ - name: Detect Secrets
+ run: |
+ detect-secrets scan --update .secrets.baseline --exclude-files *go.sum*
+ detect-secrets audit .secrets.baseline --report --fail-on-unaudited --omit-instructions
 coverage:
 runs-on: ubuntu-latest
 steps:
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..50c1a6e
--- /dev/null
+++ b/.pre-commit-config.yaml
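Review bot: In the `detectsecrets` job of `.github/workflows/go.yml`, the `Install Detect Secrets` step installs the scanner from the mutable `master` branch (`git+https://github.com/ibm/detect-secrets.git@master`), so every CI run executes whatever that branch holds at the time and the gate can change behaviour without a commit in this repository. Pin the install to the release that `.secrets.baseline` and the pre-commit hook already name (`0.13.1+ibm.62.dss`) or to a full commit SHA. In the scan step, `--exclude-files *go.sum*` is unquoted, so the shell may expand it against the checkout before detect-secrets sees it, and the option takes a regular expression rather than a glob (the committed baseline records `go.sum|^.secrets.baseline$`); a quoted regex such as `--exclude-files 'go\.sum'` would make the exclusion deterministic. `uses: actions/setup-python/@v4` also carries a stray `/` before `@v4`, which looks like a typo for `actions/setup-python@v4`.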
@@ -0,0 +1,21 @@
+# This is an example configuration to enable detect-secrets in the pre-commit hook.
+# Add this file to the root folder of your repository.
+#
+# Read pre-commit hook framework https://pre-commit.com/ for more details about the structure of config yaml file and how git pre-commit would invoke each hook.
+#
+# This line indicates we will use the hook from ibm/detect-secrets to run scan during committing phase.
+repos:
+ - repo: https://github.com/ibm/detect-secrets
+ # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
+ # You are encouraged to use static refs such as tags, instead of branch name
+ #
+ # Running "pre-commit autoupdate" automatically updates rev to latest tag
+ rev: 0.13.1+ibm.62.dss
+ hooks:
+ - id: detect-secrets # pragma: whitelist secret
+ # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
+ # You may also run `pre-commit run detect-secrets` to preview the scan result.
+ # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
+ # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
+ # add "--fail-on-unaudited" to fail pre-commit for unaudited potential secrets
+ args: [--baseline, .secrets.baseline, --use-all-plugins]
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..4e6336c
--- /dev/null
+++ b/.secrets.baseline
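Review bot: In `.pre-commit-config.yaml`, the hook's `args` omit `--fail-on-unaudited`, while the CI job added in the same commit runs `detect-secrets audit ... --fail-on-unaudited`, so a commit with a new unaudited finding passes locally and is rejected only after it has been pushed. Since the file's own comment documents the flag, consider `args: [--baseline, .secrets.baseline, --use-all-plugins, --fail-on-unaudited]` so a potential secret is stopped before it enters the remote history. The comment above `rev:` still talks about replacing `master`, although `rev` is already pinned to the tag `0.13.1+ibm.62.dss`; rewording it to say the tag is deliberate and should match the `version` field in `.secrets.baseline` would keep the two in step.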
@@ -0,0 +1,266 @@ +{ + "exclude": { + "files": "go.sum|^.secrets.baseline$", + "lines": null + }, + "generated_at": "2024-04-18T14:44:04Z", + "plugins_used": [ + { + "name": "AWSKeyDetector" + }, + { + "name": "ArtifactoryDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "base64_limit": 4.5, + "name": "Base64HighEntropyString" + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, + { + "ghe_instance": "github.ibm.com", + "name": "GheDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "hex_limit": 3, + "name": "HexHighEntropyString" + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "keyword_exclude": null, + "name": "KeywordDetector" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "results": { + "README.md": [ + { + "hashed_secret": "d1da57683505716a1a8716658c4432742355360a", + "is_secret": false, + "is_verified": false, + "line_number": 71, + "type": "Secret Keyword", + "verified_result": null + } + ], + "services/account_test.go": [ + { + "hashed_secret": "c218236f2825f6fc9d2ffb100becad199c5961ed", + "is_secret": false, + "is_verified": false, + "line_number": 3934, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "28b386cf9ad560231594007df15c06ac60d34e9a", + "is_secret": false, + "is_verified": false, + "line_number": 3941, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "bf9130647c179bd2b6992bcf2db4560b91bc513d", + "is_secret": false, + "is_verified": false, + "line_number": 3948, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": 
"514e1c9ca3e832486f7d88c45a4ea453bfe7f9bf", + "is_secret": false, + "is_verified": false, + "line_number": 3955, + "type": "Secret Keyword", + "verified_result": null + } + ], + "services/network_test.go": [ + { + "hashed_secret": "319f96013e95ce7556aa082a9dd58dce40aeff0f", + "is_secret": false, + "is_verified": false, + "line_number": 1870, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "fa9250fd74ad6c9f6737049b5bd842709fbf4ae3", + "is_secret": false, + "is_verified": false, + "line_number": 1877, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "bf9130647c179bd2b6992bcf2db4560b91bc513d", + "is_secret": false, + "is_verified": false, + "line_number": 1884, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "0f39e6d6c8aafa1e3e723d1b06aef02ead75b908", + "is_secret": false, + "is_verified": false, + "line_number": 1891, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "5487abf5507e25b18b47a3e8cd1ecfdea8c0e9e9", + "is_secret": false, + "is_verified": false, + "line_number": 1898, + "type": "Secret Keyword", + "verified_result": null + } + ], + "services/software_test.go": [ + { + "hashed_secret": "db6ab765d29f5e3ee83c9dcc2685ecb9fcfe1b1c", + "is_secret": false, + "is_verified": false, + "line_number": 452, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "f0630f18d493a05208b23d5d5dd71fafe750602b", + "is_secret": false, + "is_verified": false, + "line_number": 459, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "954ba6088cab8dfbfcb41d48b7389aca9282ba83", + "is_secret": false, + "is_verified": false, + "line_number": 466, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "51a0edbb8bb8ccf30b7900d0d0f4ccb1852ab6d8", + "is_secret": false, + "is_verified": false, + "line_number": 473, + "type": "Secret Keyword", + "verified_result": null + }, + { 
+ "hashed_secret": "c218236f2825f6fc9d2ffb100becad199c5961ed", + "is_secret": false, + "is_verified": false, + "line_number": 480, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "d62b06e9306da587ba701d0c0b2bdd6ad896540e", + "is_secret": false, + "is_verified": false, + "line_number": 487, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "bf9130647c179bd2b6992bcf2db4560b91bc513d", + "is_secret": false, + "is_verified": false, + "line_number": 494, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "10b8decb9176d09baac35f6769b931916825715e", + "is_secret": false, + "is_verified": false, + "line_number": 501, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "b1e8b05dff36ba9cf76d4a8d4723b5a4d7d92ab7", + "is_secret": false, + "is_verified": false, + "line_number": 508, + "type": "Secret Keyword", + "verified_result": null + } + ], + "session/session.go": [ + { + "hashed_secret": "6f667d3e9627f5549ffeb1055ff294c34430b837", + "is_secret": false, + "is_verified": false, + "line_number": 171, + "type": "Secret Keyword", + "verified_result": null + } + ], + "session/xmlrpc.go": [ + { + "hashed_secret": "396adbeebd0f3059d31a3455116348135bfd6628", + "is_secret": false, + "is_verified": false, + "line_number": 97, + "type": "Secret Keyword", + "verified_result": null + } + ] + }, + "version": "0.13.1+ibm.62.dss", + "word_list": { + "file": null, + "hash": null + } +} diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 2b1f13a..0000000 --- a/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -language: go -go: -- '1.10' -install: -- make test_deps -script: -- make test