Open ascerra opened 1 day ago
It's definitely doable; though, I do have a few concerns:
[1] One concrete example of this is that the AWS access key id rule is very good at finding things, but the secret key rule can miss things sometimes. By blowing away the whole file, it handles the keypair match in either case.
Would you be up for brainstorming a few alternate ideas?
Examples:
Ya we're definitely up for a brainstorm on this.
The good news is that the file removal is not a blocker for us. We will implement this till using that for now to improve security then we can have this brainstorm to discuss possible ways to make debugging easier for our users.
This issue is a request for new functionality.
When integrating the leaktk tool into our CI we are using the command
leaktk scan --kind Files --resource /workspace | leaktk-remove-files /workspace
This presents a problem when debugging failures with our users. Instead of removing the file completely, could we have the option to just redact the problematic line or string that was identified?
For example take this output.log file
this is my token: eydhn94mksknvkk2
(don't worry, not a real token) and turn it into
this is my token: XXXXXXXXXXXXXXXX
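An added example (not part of the issue thread and not leaktk code) of the in-place redaction requested above. The finding records use a constructed shape (`path`, `line`, `secret`), which is an assumption rather than leaktk's output format, and `redact_findings` is a hypothetical helper; the sample log also shows the concern in [1], where a secret the scanner did not report survives redaction.

```python
import tempfile
from pathlib import Path

def redact_findings(root, findings, whole_line=False):
    """Mask each reported secret in place; return how many lines were changed."""
    root = Path(root).resolve()
    by_path = {}
    for f in findings:
        by_path.setdefault(f["path"], []).append(f)
    changed = 0
    for rel, items in by_path.items():
        target = (root / rel).resolve()
        # Skip findings whose path escapes the scan root or is not a regular file.
        if root not in target.parents or not target.is_file():
            continue
        # Work on bytes so line endings and non-UTF-8 log content are preserved.
        lines = target.read_bytes().splitlines(keepends=True)
        for f in items:
            i, secret = f["line"] - 1, f["secret"].encode()
            if not secret or not 0 <= i < len(lines) or secret not in lines[i]:
                continue  # stale or mismatched finding: leave the line untouched
            body = lines[i].rstrip(b"\r\n")
            eol = lines[i][len(body):]
            if whole_line:
                body = b"X" * len(body)
            else:
                body = body.replace(secret, b"X" * len(secret))
            lines[i] = body + eol
            changed += 1
        target.write_bytes(b"".join(lines))
    return changed

def demo(whole_line=False):
    """Run the redaction over a constructed output.log and return (changed, text)."""
    with tempfile.TemporaryDirectory() as workspace:
        log = Path(workspace, "output.log")
        log.write_text(
            "this is my token: eydhn94mksknvkk2\n"
            "aws_access_key_id = AKIAFAKEFAKEFAKE0000\n"  # constructed value
            "aws_secret_access_key = constructed-secret-not-reported\n"
        )
        findings = [  # constructed: the secret-key rule "missed" line 3
            {"path": "output.log", "line": 1, "secret": "eydhn94mksknvkk2"},
            {"path": "output.log", "line": 2, "secret": "AKIAFAKEFAKEFAKE0000"},
            {"path": "../outside.log", "line": 1, "secret": "ignored"},
        ]
        return redact_findings(workspace, findings, whole_line), log.read_text()

if __name__ == "__main__":
    print(demo()[1], end="")
```

The third line of the sample log is unchanged in both modes, which is the case whole-file removal covers and string or line redaction does not.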