allero-io / allero

By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
https://allero.io
Apache License 2.0

Ensure secrets scanning #106

Open OriYosef opened 1 year ago

OriYosef commented 1 year ago

Name of the rule you'd like to add: ensure-secrets-scanner

Describe the rule: At least one pipeline in each repository should run a secrets scanner to prevent secrets leaks.

What triggers the rule: If none of the following runs in the repo: trufflehog, GitGuardian, Gitleaks, Trivy.

Failure message should the rule fail: Secrets scanner was not detected in the repository pipelines. It is highly recommended to add one to prevent secrets leaks.

What SCMs is this rule eligible for: Github, Gitlab.

Will this rule work in local run: Eligible for local as well. Same behavior.

What CI/CD platforms is this rule eligible for: Github Actions, GitlabCI, JFrog Pipelines.

Should this rule be enabled by default: No

Sample repos/orgs to test the rule: Example of how to integrate trivy
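One way to implement the trigger described in this issue, written here as an added example in Go (Allero's language) and not Allero's own rule code: scan a GitHub Actions workflow for the four named scanners, counting only `uses:` references and `run:` commands so that a scanner mentioned in a comment or a step name does not satisfy the rule. The action paths in the marker regex and the minimal YAML handling are my assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Markers for the four scanners named in the issue: the action path each project
// publishes plus the bare CLI name for `run:` steps. Illustrative, not Allero's list.
var scannerRe = regexp.MustCompile(`(?i)trufflesecurity/trufflehog|\btrufflehog\b|` +
	`gitguardian/ggshield|\bggshield\b|gitleaks/gitleaks-action|\bgitleaks\b|` +
	`aquasecurity/trivy-action|\btrivy\b`)

// DetectSecretsScanner returns the first scanner reference a workflow actually
// executes, or "" if none. Only `uses:` values and `run:` bodies are inspected.
func DetectSecretsScanner(workflow string) string {
	inRun, runCol := false, 0
	for _, raw := range strings.Split(workflow, "\n") {
		indent := len(raw) - len(strings.TrimLeft(raw, " "))
		trimmed := strings.TrimSpace(raw)
		text := "" // the executable text on this line, if any
		if inRun && (trimmed == "" || indent > runCol) {
			text = trimmed // body of a `run: |` (or `run: >`) block scalar
		} else {
			inRun = false
			key := strings.TrimPrefix(trimmed, "- ")
			isRun := strings.HasPrefix(key, "run:")
			if isRun || strings.HasPrefix(key, "uses:") {
				text = strings.TrimSpace(key[strings.Index(key, ":")+1:])
			}
			if isRun && (strings.HasPrefix(text, "|") || strings.HasPrefix(text, ">")) {
				inRun, runCol, text = true, indent+len(trimmed)-len(key), "" // column of `run`
			}
		}
		if m := scannerRe.FindString(text); m != "" {
			return m
		}
	}
	return ""
}

// Constructed samples: a workflow that only mentions gitleaks in a comment, and one that runs Trivy.
const lintOnly = "on: push\njobs:\n  lint:\n    steps:\n      # TODO: add gitleaks\n      - run: npm test\n"
const scans = "on: push\njobs:\n  scan:\n    steps:\n      - uses: actions/checkout@v4\n      - run: |\n          trivy fs --scanners secret .\n"

func main() {
	// The issue's trigger: the rule fails when every workflow in the repo yields "".
	fmt.Printf("lint-only: %q  scanning: %q\n", DetectSecretsScanner(lintOnly), DetectSecretsScanner(scans))
}
```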

baruchiro commented 1 year ago

I see there is already a rule for secret scanning; should this issue still be open?