cloud-gov / caulking

Prevent leaks with gitleaks, and use tests to validate

Bug: false positive with _removing_ a sensitive line #7

Closed tammersaleh closed 4 years ago

tammersaleh commented 4 years ago

See screenshot below. Two issues:

  1. False positive of `CF_PASSWORD: ((production-cf-password))` (which is fine - not the point of this issue)
  2. Caught this secret when it was being removed from the repo (this is the point of this issue). Can we configure gitleaks to only stop commits that add leaks?

[Screenshot: cloud-gov-laptop 2020-03-31 09-50-10]

pburkholder commented 4 years ago

I'm going to close this as it's a pending PR upstream, https://github.com/zricethezav/gitleaks/pull/268, and I can't do anything in caulking to fix this or expedite (aside from 👍 it upstream, which I've already done).

Reopen if it helps track.

pburkholder commented 4 years ago

PS: I've fixed the reporting of `password: ((thing))` as a leak. It won't get flagged after this next release.
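
The two behaviours discussed in this thread, as an added example that is not code from caulking or gitleaks: a check over a unified diff that flags only lines a commit adds and treats a `((name))` reference as a placeholder rather than a secret. The rule regex, the `added_leaks` function and the sample diff are constructed for illustration.

```python
import re

# Hypothetical rule (not a gitleaks rule): a key ending in "password" with a value.
RULE = re.compile(r"(?i)\b[\w-]*password\b\s*[:=]\s*(?P<value>\S+)")
# A ((name)) reference is a pipeline placeholder, not the secret itself.
PLACEHOLDER = re.compile(r"^\(\([\w./-]+\)\)$")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

# Constructed sample: one secret removed, one placeholder added, one secret added.
SAMPLE_DIFF = "\n".join([
    "diff --git a/ci/pipeline.yml b/ci/pipeline.yml",
    "--- a/ci/pipeline.yml",
    "+++ b/ci/pipeline.yml",
    "@@ -10,3 +10,4 @@ params:",
    "   CF_API: https://api.example.test",
    "-  CF_PASSWORD: hunter2-constructed",
    "+  CF_PASSWORD: ((production-cf-password))",
    "+  DB_PASSWORD: s3cr3t-constructed",
    "   CF_ORG: demo",
])

def added_leaks(diff_text):
    """Return (path, new_line_number, text) for each flagged line the diff adds."""
    findings, path, new_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # file headers follow, not hunk lines
        elif not in_hunk and line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:])  # path of the new version of the file
        elif line.startswith("@@"):
            m = HUNK.match(line)
            if m:
                new_no, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            hit = RULE.search(line[1:])
            if hit and not PLACEHOLDER.match(hit.group("value")):
                findings.append((path, new_no, line[1:].strip()))
            new_no += 1
        elif in_hunk and line.startswith(" "):
            new_no += 1                          # context line exists in the new file
        # "-" lines are removals: never scanned, and absent from the new file
    return findings

if __name__ == "__main__":
    for path, line_no, text in added_leaks(SAMPLE_DIFF):
        print(f"{path}:{line_no}: {text}")
```

A removed secret still exists in the repository's history, so skipping `-` lines only stops the commit hook from blocking the cleanup; it does not make the old value safe.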