IBM / detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.
Apache License 2.0

Update GHE plugin token regex #111

Closed Asmysaras closed 1 year ago

Asmysaras commented 1 year ago

The GitHub Enterprise Detector will now scan for GitHub Enterprise credentials generated both before (see forty_hex var) and after (see new_ghe_token var) this update: https://docs.github.com/en/enterprise-server@3.2/authentication/keeping-your-account-and-data-secure/about-authentication-to-github#githubs-token-formats
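An added sketch of a detector covering both formats named in the description above; it is not the plugin's code. The variable names echo `forty_hex` and `new_ghe_token`, but the regex bodies, the key-assignment heuristic and the sample lines are assumptions based on GitHub's documented token formats (a `ghp_`/`gho_`/`ghu_`/`ghs_`/`ghr_` prefix on new tokens, 40 hex characters on old ones).

```python
import re

# Assumed patterns, not the project's own regexes.
# New format: documented prefix + at least 36 characters from [A-Za-z0-9_].
NEW_GHE_TOKEN = re.compile(
    r"(?<![A-Za-z0-9_])(gh[pousr]_[A-Za-z0-9_]{36,255})(?![A-Za-z0-9_])"
)
# Old format: 40 hex characters. A Git commit SHA-1 looks identical, so this
# sketch only reports one when it is assigned to a key whose name mentions
# github/ghe/token (hypothetical heuristic to limit false positives).
FORTY_HEX = re.compile(
    r"(?i:github|ghe|token)[\w-]*\s*[:=]\s*[\"']?([0-9a-f]{40})(?![0-9a-fA-F])"
)

PATTERNS = (("new_ghe_token", NEW_GHE_TOKEN), ("forty_hex", FORTY_HEX))


def scan(text):
    """Return (line number, format name, masked preview) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                secret = match.group(1)
                # Keep only the first four characters so reports never
                # carry the full credential.
                findings.append((lineno, kind, secret[:4] + "..."))
    return findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = "\n".join([
    'GHE_TOKEN = "0123456789abcdef0123456789abcdef01234567"',  # old format
    "commit 8475dd7f309c9b7cec22875bc6ea883928d65392",          # commit SHA, ignored
    "export GITHUB_TOKEN=ghs_" + "Ab3" * 12,                    # new format
    "token: ghp_tooshort",                                      # too short, ignored
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The second sample line shows why the old format needs context: a commit hash is also 40 hex characters and would otherwise be reported.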

victoria-miltcheva commented 1 year ago

Hey @Asmysaras, the Travis build was failing previously because a vulnerable version of setuptools was being used:

[Screenshot 2022-12-29 at 10 28 25 AM]

I fixed the issue with this line: https://github.com/IBM/detect-secrets/blob/8475dd7f309c9b7cec22875bc6ea883928d65392/.travis.yml#L31.

But there was an issue with the Python 3.6 build where pip can't install the fixed version of setuptools since it's not available to it:

[Screenshot 2022-12-29 at 10 28 35 AM]

Since Python 3.6 is no longer officially supported, I went ahead and removed the 3.6 build from travis.yml. Since that vulnerability is unfixable in this version of Python, it makes sense to me to remove it.