NASA-PDS / registry

PDS Registry provides the services and software applications necessary for tracking, searching, auditing, locating, and maintaining artifacts within the system. These artifacts can include data files and label files, schemas, dictionary definitions for objects and elements, services, etc.
https://nasa-pds.github.io/registry
Apache License 2.0

Secret detection is broken on branch titan_treks_utility_script #292

Closed mattanikiej closed 4 months ago

mattanikiej commented 5 months ago

Checked for duplicates

No - I haven't checked

🐛 Describe the bug

Fails to install plugins and public emails are flagged as secrets.

🕵️ Expected behavior

detect-secrets has plugins that should prevent this

📜 To Reproduce

Push changes to the repository

🖥 Environment Info

📚 Version of Software Used

No response

🩺 Test Data / Additional context

No response

🦄 Related requirements

🦄 #xyz

⚙️ Engineering Details

No response

🎉 Integration & Test

No response

nutjob4life commented 5 months ago

@mattanikiej perfect, thanks

nutjob4life commented 5 months ago

The issue was that the .secrets.baseline referenced two .pem files which were not included in the commit (indeed, they're in the .gitignore).

But when the workflow runs and compares the results with the baseline, it only sees the difference, and assumes any difference is a new disclosure. A smarter workflow would only report new disclosures, not a reduction in secrets.
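The directional comparison described in the comment above, as an added example that is not part of the original thread or the project's workflow. It assumes the `results` layout that detect-secrets writes to `.secrets.baseline` (a map of filename to a list of findings); the file paths and hashes are constructed sample data.

```python
# Added example: directional comparison of two detect-secrets baselines.
# Assumes the `results` layout of .secrets.baseline: {filename: [finding, ...]}.

def finding_keys(baseline):
    """Flatten `results` into (filename, type, hashed_secret) keys.
    line_number is left out so a secret that only moved is not counted as new."""
    return {
        (filename, f["type"], f["hashed_secret"])
        for filename, findings in baseline.get("results", {}).items()
        for f in findings
    }

def naive_differs(committed, scanned):
    """The behaviour described in the thread: any difference counts as a failure."""
    return finding_keys(committed) != finding_keys(scanned)

def diff_baselines(committed, scanned):
    """Split the difference into new disclosures and entries that disappeared."""
    old, new = finding_keys(committed), finding_keys(scanned)
    return {"added": sorted(new - old), "removed": sorted(old - new)}

def ci_exit_code(committed, scanned):
    """Fail the job only when the scan finds something the baseline lacks."""
    return 1 if diff_baselines(committed, scanned)["added"] else 0

def _finding(kind, digest, line):
    return {"type": kind, "hashed_secret": digest, "is_verified": False, "line_number": line}

# Constructed sample data: hypothetical paths, placeholder hashes.
COMMITTED = {"results": {
    "certs/server.pem": [_finding("Private Key", "a" * 40, 1)],
    "certs/client.pem": [_finding("Private Key", "b" * 40, 1)],
    "config/settings.yaml": [_finding("Secret Keyword", "c" * 40, 12)],
}}
# CI checkout: the git-ignored .pem files are absent, and the audited entry moved lines.
CI_SCAN = {"results": {"config/settings.yaml": [_finding("Secret Keyword", "c" * 40, 14)]}}
# Same checkout, plus one finding the baseline has never seen.
CI_SCAN_WITH_LEAK = {"results": {**CI_SCAN["results"],
    "scripts/deploy.py": [_finding("Secret Keyword", "d" * 40, 7)]}}

if __name__ == "__main__":
    print("naive check fails:", naive_differs(COMMITTED, CI_SCAN))
    print("directional exit code:", ci_exit_code(COMMITTED, CI_SCAN))
    print("removed:", diff_baselines(COMMITTED, CI_SCAN)["removed"])
    print("exit code with new finding:", ci_exit_code(COMMITTED, CI_SCAN_WITH_LEAK))
```

Entries reported under `removed` are stale baseline records; they can be pruned by regenerating the baseline rather than treated as a failed check.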

jordanpadams commented 4 months ago

Install issue identified and PR has been merged. #293