Closed (sid-secops closed this 6 years ago)
The two apprentices Aaron and Ashley have coding tasks to start next week. Please get them involved in writing the wrapper script for the scan tool and automation thereof.
I've changed the description based on the planning discussions we had. I'm not sure who @8032 is but if they want to have a chat about getting the apprentices involved that would be helpful.
Hi Kalbir, between the two guys, one of them will pair for the task. I will update who will be assigned. Thank you very much for creating the new card with the breakdown of tasks.
This has been completed - https://waffle.io/ministryofjustice/cloud-platform/cards/5b2b792be28cfc0032f9c9dd
Background
To scan MoJ git repos to prevent credentials and sensitive data being exposed: AWS access keys, Docker passwords, user credentials, SQL DB backup dumps, etc.
https://help.github.com/articles/removing-sensitive-data-from-a-repository/
Approach
Check the repositories:
https://github.com/ministryofjustice/repo-audit
https://github.com/michenriksen/gitrob
https://github.com/zricethezav/gitleaks
Prevent secrets from being committed to the repos:
https://github.com/awslabs/git-secrets
Detecting secrets in source code:
https://auth0.engineering/detecting-secrets-in-source-code-bd63b0fe4921
https://github.com/auth0/repo-supervisor
https://github.com/fugue/credstash
Definition of Done
Stretch Goal -
Other References -
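As an added illustration of what the scan tools listed under Approach do under the hood (example code written for this page, not the cloud-platform project's own wrapper), here is a small Python scanner that walks a checked-out repo for the kinds of credentials named in Background. The AWS access key ID format is AWS's documented one; the other two patterns, the entropy threshold and the sample config are assumptions constructed for the example. It scans only the working tree; scanning git history stays with gitleaks or gitrob.

```python
import math
import os
import re
from collections import Counter

PATTERNS = {
    # AWS access key IDs: 20 characters starting with AKIA (documented format)
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    # assumed heuristic: 40-char base64-like token assigned to a secret-looking name
    "aws-secret-access-key": re.compile(
        r"(?i)aws[_-]?secret[_-]?(?:access[_-]?)?key\W{0,3}['\"]?([A-Za-z0-9/+=]{40})"),
    # assumed heuristic: password embedded in a connection URL (docker, sql, ...)
    "password-in-url": re.compile(r"://[^/\s:@]+:([^@\s]+)@"),
}
SKIP_DIRS = {".git", "node_modules", "vendor"}

def shannon_entropy(s):
    """Bits per character; placeholders like 'xxxx' or 'changeme' score low."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan_text(text, path="<inline>", min_entropy=3.0):
    """One finding per matched line; the value is redacted so the report itself does not leak it."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                secret = m.group(1)
                if shannon_entropy(secret) < min_entropy:
                    continue  # low entropy: almost certainly a placeholder, not a credential
                findings.append({"rule": rule, "file": path, "line": lineno,
                                 "match": secret[:4] + "..." + secret[-2:]})
    return findings

def scan_tree(root):
    """Scan every file under a checked-out repo (working tree only), skipping VCS/vendored dirs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="ignore") as f:
                findings.extend(scan_text(f.read(), os.path.relpath(path, root)))
    return findings
# constructed sample config: the AWS values are AWS's own documented example credentials
SAMPLE = ('AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
          'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
          'DATABASE_URL = postgres://app:S3cr3t-Passw0rd@db.internal:5432/prod\n'
          'AWS_ACCESS_KEY_ID = "AKIAXXXXXXXXXXXXXXXX"  # placeholder, filtered by entropy\n')
```

Running `scan_text(SAMPLE, "config.env")` reports the first three lines and drops the placeholder on line 4; `scan_tree(".")` applies the same rules to a cloned repo.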