The IBM Product App Connect Enterprise has node-tunnel as an indirect dependency. We have a customer who is scanning docker images created as part of their CI/CD pipeline with the Twistlock security tool.
This is flagging the test keys in the test/keys directory as being secure credentials stored in the clear as described in the Embedded Secret Detection and Blocking section here:
We have informed our customer that we believe that removal of these files from the image will not adversely affect the function of the code and allow them to pass their security scans but wonder if the test data could be refactored to avoid the problem.
The IBM Product App Connect Enterprise has node-tunnel as an indirect dependency. We have a customer who is scanning docker images created as part of their CI/CD pipeline with the Twistlock security tool.
This is flagging the test keys in the test/keys directory as being secure credentials stored in the clear as described in the Embedded Secret Detection and Blocking section here:
https://www.twistlock.com/2017/04/17/introducing-twistlock-2-0/
We have informed our customer that we believe that removal of these files from the image will not adversely affect the function of the code and allow them to pass their security scans but wonder if the test data could be refactored to avoid the problem.