ministryofjustice / cloud-platform

Documentation on the MoJ cloud platform
MIT License

Scan git repos for sensitive data #97

Closed sid-secops closed 6 years ago

sid-secops commented 6 years ago

Background

To scan MoJ git repos to prevent credentials and sensitive data being exposed: AWS access keys, Docker passwords, user credentials, SQL DB backup dumps, etc.
https://help.github.com/articles/removing-sensitive-data-from-a-repository/

Approach

Check the repositories
https://github.com/ministryofjustice/repo-audit
https://github.com/michenriksen/gitrob
https://github.com/zricethezav/gitleaks

Prevent secrets from being committed to the repos
https://github.com/awslabs/git-secrets

Detecting secrets in source code
https://auth0.engineering/detecting-secrets-in-source-code-bd63b0fe4921
https://github.com/auth0/repo-supervisor
https://github.com/fugue/credstash

Definition of Done

Stretch Goal -

Other References -
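The approach above (scan repos for leaked keys, block them at commit time, detect them in source) is what tools such as gitleaks and git-secrets do. The following is an added example written for this issue, not code from the cloud-platform repo or from any of the linked tools: a minimal scanner that combines regex rules with a Shannon-entropy check and returns findings a pre-commit hook or CI job could fail on. The rule list, the entropy threshold, the `# allowlist-secret` opt-out marker and the sample file contents are all assumptions constructed for the example (the AWS key values are the public placeholder keys from AWS documentation, not real credentials).

```python
"""Minimal secret scanner (added example, not the issue's tooling).

Walks a mapping of path -> file text, applies regex rules plus a
Shannon-entropy check per line, and returns a list of findings.  The same
function can be pointed at `git diff --cached` output in a pre-commit hook.
"""
import math
import re
import sys
from collections import Counter

# Rules as (name, regex).  Formats are the publicly documented ones; the
# password rule is a deliberately broad assumption for this example.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("password-assignment",
     re.compile(r"(?i)\b(password|passwd|pwd)\s*[:=]\s*['\"]?([^\s'\"]{6,})")),
]

# Entropy check: base64-alphabet runs of at least this length whose
# per-character entropy exceeds the threshold (assumed values).
ENTROPY_MIN_LEN = 20
ENTROPY_THRESHOLD = 4.0          # bits/char; random base64 sits near 5.5-6
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{%d,}" % ENTROPY_MIN_LEN)
ALLOWLIST_MARKER = "# allowlist-secret"   # explicit, reviewable opt-out


def shannon_entropy(s):
    """Shannon entropy in bits per character of string s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def high_entropy_tokens(line):
    """Yield long base64-like runs in line that look random."""
    for tok in TOKEN_RE.findall(line):
        if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
            yield tok


def scan_text(path, text):
    """Scan one file's text; return a list of finding dicts."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if ALLOWLIST_MARKER in line:
            continue
        for name, rx in RULES:
            for m in rx.finditer(line):
                findings.append({"file": path, "line": lineno,
                                 "rule": name, "match": m.group(0)})
        for tok in high_entropy_tokens(line):
            findings.append({"file": path, "line": lineno,
                             "rule": "high-entropy-string", "match": tok})
    return findings


def scan_files(files):
    """Scan a {path: text} mapping and concatenate the findings."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample input standing in for files in a repo.
SAMPLE_FILES = {
    "config/prod.env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "DB_HOST=db.internal\n"
    ),
    "deploy/docker.sh": (
        "docker login -u ci-bot --password=hunter2hunter2\n"
        "echo 'built'  # allowlist-secret\n"
    ),
}


if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        # Print the rule and location only; never echo the matched secret.
        print("%s:%d %s" % (f["file"], f["line"], f["rule"]))
    # Non-zero exit lets a pre-commit hook or CI step block the change.
    sys.exit(1 if results else 0)
```

The entropy check is what catches the 40-character secret key, which has no fixed prefix a regex can anchor on; the documented access key ID is caught by its `AKIA` prefix instead, since its entropy is below the threshold. A real scan of a repository would also walk history (`git log -p`) rather than only the working tree, because a key that was committed and later deleted is still exposed.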

ghost commented 6 years ago

The two apprentices Aaron and Ashley have coding tasks to start next week. Please get them involved in writing the wrapper script for the scan tool and automation thereof

kalbir commented 6 years ago

I've changed the description based on the planning discussions we had. I'm not sure who @8032 is but if they want to have a chat about getting the apprentices involved that would be helpful.

sid-secops commented 6 years ago

Hi Kalbir, between the two guys, one of them will pair for the task. I will update who will be assigned. Thank you very much for creating the new card with the breakdown of tasks.

sid-secops commented 6 years ago

This has been completed - https://waffle.io/ministryofjustice/cloud-platform/cards/5b2b792be28cfc0032f9c9dd