Closed laysauchoa closed 1 year ago
I'm not sure how helpful this is since the repository doesn't contain any code of our own. I'm sure it's a good practice, but I'm not sure about adding more things to maintain on a documentation repo, where the benefits are less clear. Could you say a little more about why you think this would be valuable?
This is the standard best practice for security. We are giving sample code for our users and it is important to make sure we are following good security practices. Maybe we can have someone from security to give an input about it.
Check if this could be spotted with code scanning: https://github.com/aiven/devportal/issues/1253
Closing this as devportal project do not aim to check for secrets in the docs/code.
Those are also tools that can help us to find vulnerabilities in this repository. We would need to test for a bit to see if there are too many false positive cases. But they may be helpful, so I am adding here as a possible suggestion to improve the security aspect.