GitUrl may return credentials

IBM / dbb-zappbuild

zAppBuild is a generic build solution for building z/OS applications using Apache Groovy build scripts and IBM Dependency Based Build (DBB) APIs.

Apache License 2.0

40 stars 123 forks source link

Closed dennis-behm closed 8 months ago

dennis-behm commented 9 months ago

Depending on the pipeline orchestration technology, obtaining the gitUrl for traceability purposes may including credentials. https://github.com/IBM/dbb-zappbuild/blob/d018b5c83cfb9d2a1f3f40c82aa8e2c8a05a9821/build.groovy#L699

Credentials that are obtained via

git config --get remote.origin.url

need to be masked.

Tests even indicted that

git remote get-url origin

can include credentials.

dennis-behm commented 8 months ago