JoostVoskuil / azure-devops-gitleaks

This is an extension for Azure DevOps that is a wrapper around gitleaks, created by Zachary Rice, for easy execution inside your pipeline. Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for finding secrets, past or present, in your code.
MIT License

taskFail Query #76

Closed ChrisHolman closed 1 year ago

ChrisHolman commented 1 year ago

If taskFail is set to True, and issues are detected, the task fails.

If taskFail is set to False, and issues are detected, the task presents a warning (!).

Is there a way to remove this warning, so if issues are detected, and the toggle is set to false, the task will Pass?

JoostVoskuil commented 1 year ago

Hi @ChrisHolman, can you elaborate? The task will get the status SucceededWithWarnings and not Fail.

What are you trying to achieve?

ChrisHolman commented 1 year ago

Looking to remove the SucceededWithWarnings flag. Although it may sound counter-intuitive, we would rather the task always passed, regardless of what was found, until we've managed to ascertain a baseline.

JoostVoskuil commented 1 year ago

SucceededWithWarnings is passed.

JoostVoskuil commented 1 year ago

Hi @ChrisHolman, I thought about it and I am not going to change the behavior. When secrets (either true secrets or false positives) are found there is a call for action. That call for action is either a warning or error. Suppressing both sounds like an anti-pattern to me.