Open maoo opened 3 years ago
In addition to actually executing the secret scanning, git-proxy (via #47) can simply check that built-in GitHub secret scanning is enabled on the upstream repo before allowing a push to go forward. In combination with GitHub's push protection, this is a lightweight method for detecting secrets in source.
Many organizations have secrets such as LDAP credentials that do not get detected by the partner patterns, so some extensibility is still needed, and it makes sense to have another defensive layer to detect custom or in-house secrets via git-proxy.
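The two-layer check described in the comment above, written out as an added example (this is not git-proxy's, CatchIT's or GitHub's code). It assumes the repository object returned by GitHub's `GET /repos/{owner}/{repo}` endpoint carries a `security_and_analysis` object with `secret_scanning.status` and `secret_scanning_push_protection.status`; the repository objects, the in-house patterns and the diff below are constructed sample input so the example runs offline without calling the API.

```javascript
// Added example, not git-proxy's own code: before forwarding a push, (1) verify
// that upstream GitHub secret scanning and push protection are enabled, and
// (2) run in-house patterns over the pushed diff for secrets (e.g. LDAP bind
// credentials) that GitHub's partner patterns do not cover.

// Layer 1: inspect the repository object from GET /repos/{owner}/{repo}.
// The security_and_analysis shape is assumed from the GitHub REST API.
// Returns a list of reasons to block the push (empty list = pass).
function checkUpstreamScanning(repo) {
  const reasons = [];
  const sa = repo.security_and_analysis || {};
  const scanning = sa.secret_scanning && sa.secret_scanning.status;
  const pushProtection =
    sa.secret_scanning_push_protection && sa.secret_scanning_push_protection.status;
  if (scanning !== 'enabled') reasons.push('secret scanning is not enabled upstream');
  if (pushProtection !== 'enabled') reasons.push('push protection is not enabled upstream');
  return reasons;
}

// Layer 2: in-house patterns (constructed for this example). Each pattern is
// applied to every added line of the diff; tune them to your own secret formats.
const CUSTOM_PATTERNS = [
  { name: 'ldap-bind-password', regex: /ldap[._-]?(bind)?[._-]?pass(word)?\s*[:=]\s*\S+/i },
  { name: 'internal-api-key', regex: /\bACME_[A-Z0-9]{24}\b/ }, // hypothetical key format
];

// Scans only the '+' (added) lines of a unified diff, tracking the current file
// from '+++ b/<path>' headers. Returns one finding per matching pattern and line.
function scanDiff(diffText) {
  const findings = [];
  let file = null;
  for (const line of diffText.split('\n')) {
    if (line.startsWith('+++ ')) {
      file = line.slice(4).replace(/^b\//, '');
      continue;
    }
    if (!line.startsWith('+')) continue; // context and removed lines are ignored
    const content = line.slice(1);
    for (const p of CUSTOM_PATTERNS) {
      if (p.regex.test(content)) findings.push({ file, pattern: p.name });
    }
  }
  return findings;
}

// Combines both layers into a single allow/deny decision with reasons.
function evaluatePush(repo, diffText) {
  const reasons = checkUpstreamScanning(repo);
  for (const f of scanDiff(diffText)) {
    reasons.push(`possible ${f.pattern} in ${f.file}`);
  }
  return { allowed: reasons.length === 0, reasons };
}

// Constructed sample inputs (not real repositories or credentials).
const SAMPLE_REPO_OK = {
  security_and_analysis: {
    secret_scanning: { status: 'enabled' },
    secret_scanning_push_protection: { status: 'enabled' },
  },
};
const SAMPLE_REPO_OFF = {
  security_and_analysis: { secret_scanning: { status: 'disabled' } },
};
const SAMPLE_DIFF = [
  'diff --git a/config/app.properties b/config/app.properties',
  '--- a/config/app.properties',
  '+++ b/config/app.properties',
  '@@ -1,2 +1,3 @@',
  ' ldap.url=ldaps://ldap.example.internal',
  '+ldap.bind.password=Hunter2!',
  '+log.level=INFO',
].join('\n');

console.log(evaluatePush(SAMPLE_REPO_OK, SAMPLE_DIFF));
console.log(evaluatePush(SAMPLE_REPO_OFF, '+++ b/README.md\n+no secrets here\n'));
```

In a proxy, `checkUpstreamScanning` would be fed the live API response for the upstream repository and `scanDiff` the content of the push being proxied; both layers contribute reasons, so a push is refused when either the upstream controls are off or an in-house pattern matches an added line.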
Love the idea, thanks @coopernetes !
It's worth mentioning that Goldman Sachs contributed to FINOS a secret scanning tool called CatchIT, see https://github.com/finos/catchit
See https://github.com/hawkeyesec/scanner-cli
Scanner-cli provides a wide range of features; as a proof of concept, it is required to:
.hawkeyerc
and .hawkeyeignore