Is your feature request related to a problem? Please describe.
Sometimes it happens, although it is a bad practice, that developers embed secrets within source code.
These are often credentials in order to integrate with other systems.
Describe the solution you'd like
I would like SFDX-Scanner to detect secrets for me and throw them as a violation.
Describe alternatives you've considered
Run another tool like the one linked below:
https://bitbucket.org/atlassian/git-secrets-scan/src/master/
Additional context
Having secrets detection embedded within SFDX-Scanner will save much time, as it will just be additional checks for sfdx-scanner and I won't have to run and maintain another tool. I also considered creating my own rule set, but this risk of having credentials exposed basically applies to everyone. As such, I expect SFDX-Scanner will receive much appreciation by including this option by default (perhaps allowing users to disable it from the config file).
"Workaround": n/a
"Urgency": How badly do you need this feature? "Nice to have" vs "Highly beneficial" vs "Can't live without it".
To me this feature is a "Can't live without it" thing. Having this embedded within sfdx-scanner means I only have to run static code analysis once, and as such it will speed up my DevOps Pipeline.