aiven / devportal

Resources for users of the projects on the Aiven platform
https://docs.aiven.io
Creative Commons Attribution 4.0 International

Add secret scanning alerts and/or code scanning #1124

Closed laysauchoa closed 1 year ago

laysauchoa commented 2 years ago

Those are also tools that can help us find vulnerabilities in this repository. We would need to test for a bit to see if there are too many false-positive cases. But they may be helpful, so I am adding this here as a possible suggestion to improve the security aspect.

lornajane commented 2 years ago

I'm not sure how helpful this is since the repository doesn't contain any code of our own. I'm sure it's a good practice, but I'm not sure about adding more things to maintain on a documentation repo, where the benefits are less clear. Could you say a little more about why you think this would be valuable?

laysauchoa commented 2 years ago

This is the standard best practice for security. We are giving sample code to our users and it is important to make sure we are following good security practices. Maybe we can have someone from security give input about it.

laysauchoa commented 2 years ago

Check if this could be spotted with code scanning: https://github.com/aiven/devportal/issues/1253

laysauchoa commented 1 year ago

Closing this as the devportal project does not aim to check for secrets in the docs/code.