search

bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
7.16k stars 1.12k forks source link

feat(secrets): Adding check_id to EnrichedSecret class #6842

Closed pazbechor closed 1 week ago

pazbechor commented 1 week ago

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[//]: # "

PR Title

We use the title to create changelog automatically and therefore only allow specific prefixes
- break:    to indicate a breaking change, this supersedes any of the other types
- feat:     to indicate new features or checks
- fix:      to indicate a bugfix or handling of edge cases of existing checks
- docs:     to indicate an update to our documentation
- chore:    to indicate adjustments to workflow files or dependency updates
- platform: to indicate a change needed for the platform
Each prefix should be accompanied by a scope that specifies the targeted framework. If uncertain, use 'general'.
#    
Allowed prefixs:
ansible|argo|arm|azure|bicep|bitbucket|circleci|cloudformation|dockerfile|github|gha|gitlab|helm|kubernetes|kustomize|openapi|sast|sca|secrets|serverless|terraform|general|graph|terraform_plan|terraform_json
#
ex.
feat(terraform): add CKV_AWS_123 to ensure that VPC Endpoint Service is configured for Manual Acceptance

"

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Introduce a new check_id attribute to the EnrichedSecret class to enhance secret tracking. Update the save_secret_to_coordinator method in the Runner class to handle the new check_id parameter, ensuring it is included in the EnrichedSecret instances. This change aims to improve the identification and management of secrets within the system.

<table><tr><th>Topic</th><th>Details</th><tr><td><a href=https://baz.co/changes/bridgecrewio/checkov/6842?tool=ast&topic=Secret+Tracking>Secret Tracking</a>
    </td><td>Add <code>check_id</code> to <code>EnrichedSecret</code> for better secret tracking.<details><summary>Modified files (2)</summary><ul><li>checkov/secrets/runner.py</li>
  • checkov/secrets/coordinator.py
    • Latest Contributors(2)
    UserCommitDate
    matanshati@gmail.comfeat-secrets-Add-npm-d...November 10, 2024
    eshmayovitz@paloaltone...fix-secrets-Update-CKV...November 05, 2024
    This pull request is reviewed by Baz. Join @pazbechor and the rest of your team on (Baz).
    pazbechor commented 1 week ago

    can you make sure that we're putting it in git history as well ?

    It's relevant for both secrets & git_history