newrelic / rusty-hog

A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.
Apache License 2.0
445 stars 58 forks

GitHub Action for choctaw hog #32

Open. madchap opened this issue 3 years ago

madchap commented 3 years ago

Summary

It would be super nice to have a GHA for choctaw hog :-)

I noticed that trufflehog had one (even though I never tried it): https://github.com/marketplace/actions/trufflehog-actions-scan

Desired Behaviour

For starters, probably something basic. Of course and ideally, we'd have a simple UX way to mark status on findings to keep up lists of false positives, etc., so they don't come back to haunt us again!

Additional context

CI context, e.g. run automatically on PRs.
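As an added example that is not part of this issue or of rusty-hog: the two things the request above asks for (run on PRs, keep a list of reviewed false positives) can be prototyped today with a small triage step that sits after `choctaw_hog` in a workflow job. The script below reads the JSON written by `choctaw_hog --outputfile`, fingerprints each finding, suppresses the ones listed in a baseline file committed to the repo, and emits GitHub Actions `::error` annotations for anything new, exiting non-zero so the PR check fails. The finding field names (`reason`, `path`, `stringsFound`, `commitHash`) are taken from the tool's sample output and are an assumption here; the baseline format and the sample findings are constructed for this example.

```python
#!/usr/bin/env python3
"""CI triage for choctaw_hog output: suppress reviewed false positives, fail on new findings.

Added example for this issue thread; it is not part of rusty-hog. Assumed: choctaw_hog
was run with --outputfile, and each finding in that JSON array carries at least the
fields "reason", "path", "stringsFound" and "commitHash" (field names taken from the
tool's sample output and treated as an assumption). The baseline file format is
invented for this script.
"""
from __future__ import annotations

import hashlib
import json
import sys


def fingerprint(finding: dict) -> str:
    """Stable identity of a finding: the rule that fired, the file, and the matched strings.

    The commit hash is deliberately excluded so that a reviewed false positive stays
    suppressed when the same string reappears in a later commit or after a rebase.
    Matched strings are sorted and NUL-separated so ordering cannot change the hash
    and ("ab", "c") cannot collide with ("a", "bc").
    """
    parts = [finding.get("reason", ""), finding.get("path", "")]
    parts += sorted(finding.get("stringsFound", []))
    h = hashlib.sha256()
    for part in parts:
        h.update(part.encode("utf-8"))
        h.update(b"\0")
    return h.hexdigest()


def make_baseline(findings: list[dict], note: str) -> str:
    """Baseline kept in the repo: a JSON list of {"fingerprint": ..., "note": ...} entries."""
    return json.dumps([{"fingerprint": fingerprint(f), "note": note} for f in findings])


def load_baseline(text: str) -> set[str]:
    return {entry["fingerprint"] for entry in json.loads(text)}


def triage(findings: list[dict], baseline: set[str]) -> tuple[list[dict], list[dict]]:
    """Split findings into (new, known) against the baseline."""
    new, known = [], []
    for finding in findings:
        (known if fingerprint(finding) in baseline else new).append(finding)
    return new, known


def redact(secret: str) -> str:
    """Never echo the candidate secret into CI logs; show just enough to locate it."""
    return f"{secret[:4]}...({len(secret)} chars)"


def annotation(finding: dict) -> str:
    """GitHub Actions workflow command; the runner renders it on the PR's changed files.

    Messages must stay single-line (a newline would have to be %0A-encoded).
    """
    matched = ", ".join(redact(s) for s in finding.get("stringsFound", []))
    return (f"::error file={finding.get('path', '')}::"
            f"{finding.get('reason', 'secret')} in commit "
            f"{finding.get('commitHash', '')[:12]}: {matched}")


def run(output_text: str, baseline_text: str) -> tuple[int, list[str]]:
    """Return (exit code for the CI step, error annotations for new findings)."""
    new, _known = triage(json.loads(output_text), load_baseline(baseline_text))
    return (1 if new else 0), [annotation(f) for f in new]


# Constructed sample of choctaw_hog output: a real-looking AWS key in a config file and
# a dummy credential in a test fixture that a reviewer has already marked as benign.
# (AKIAIOSFODNN7EXAMPLE is the AWS documentation example key, not a live credential.)
SAMPLE_FINDINGS = [
    {"reason": "AWS API Key", "path": "config/prod.env",
     "commitHash": "0123456789abcdef0123", "stringsFound": ["AKIAIOSFODNN7EXAMPLE"]},
    {"reason": "Generic Secret", "path": "tests/fixtures.py",
     "commitHash": "fedcba9876543210fedc", "stringsFound": ['password = "not-a-real-password"']},
]
SAMPLE_OUTPUT = json.dumps(SAMPLE_FINDINGS)


def demo() -> tuple[int, list[str]]:
    """Baseline holds only the fixture finding: the AWS key must still fail the job."""
    baseline = make_baseline([SAMPLE_FINDINGS[1]], "dummy value in test fixture")
    return run(SAMPLE_OUTPUT, baseline)


def main(argv: list[str]) -> int:
    if len(argv) != 2:
        print("usage: triage.py <choctaw_hog_output.json> <baseline.json>", file=sys.stderr)
        return 2
    with open(argv[0], encoding="utf-8") as out, open(argv[1], encoding="utf-8") as base:
        code, lines = run(out.read(), base.read())
    for line in lines:
        print(line)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

In a workflow the step would be `choctaw_hog --outputfile findings.json .` followed by `python3 triage.py findings.json .secret-baseline.json`; marking a finding as a false positive is then a reviewed commit that adds its fingerprint and a note to the baseline. Two caveats worth keeping in mind: the raw `findings.json` contains the matched secrets in clear, so it should not be uploaded as a build artifact, and because the fingerprint ignores the commit hash, a genuinely leaked value that someone once baselined as benign will stay suppressed if it shows up again in the same file, which is exactly why baseline changes deserve review.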

cutler-scott-newrelic commented 3 years ago

I'd like to do this but it will take some significant effort. Mainly I need to run it by the New Relic open source committee since it will require a second stand-alone repository and should probably live in the New Relic org as well. Once I get their OK I'll start doing some digging and learning, as I really stink at all things containers.

cutler-scott-newrelic commented 3 years ago

Sounds like the NR Open Source committee is OK with it, so I'll try working on this as time permits over the next few weeks. If anyone else wants to contribute here I'm happy to fork a repo you make and publish it under the NR org.

wetfeet2000 commented 3 years ago

I haven't had time for this lately because GitHub Actions is a whole other platform that I would need to learn. And I have paternity leave coming up so most of my effort is going to be focused on my current work project and smaller maintenance patches. If someone wants to work on this, please feel free and reach out to me over DM. I would be happy to make sure it gets published under the New Relic org with appropriate credit. I'm also happy to answer questions and help you out. Otherwise it will probably have to wait until either a New Relic intern picks it up or I get back in 2022.

cutler-scott-newrelic commented 2 years ago

So I got back from paternity leave but have not had any time to try to work on this. I still think it's an interesting idea, but I am hoping someone else can show how to implement it and/or provide a PR. I'll keep this ticket open, and potentially see if we have another intern interested in taking a crack at it.

cutler-scott-newrelic commented 2 years ago

I'm realizing that using GitHub actions to create binaries for all the various platforms (Apple x86/ARM, Linux, Windows) would be a big win here, so I'm going to prioritize this work. My team and the application security team at NR are currently strapped and overloaded, so as soon as we have some breathing room to work on this we will.

madchap commented 1 year ago

Hi @cutler-scott-newrelic, trust you're doing well :)

I was checking back on this project as I'd like to re-assess it in my new workplace at some point. Is rusty-hog still something that's active from your PoV? Cheers.

cutler-scott-newrelic commented 1 year ago

Hi Madchap! Yes, this is still active, but right now my time is very limited with a little one at home and I have officially moved out of the application-security team at New Relic. So the plan is to do limited maintenance and/or small requests until I'm able to hand this off to the (new) security automation team around Jan 2023. If someone is able to write the code for this specific feature I'm happy to merge a PR, but I don't foresee having the time or energy for getting GitHub Actions working any time soon.

madchap commented 1 year ago

That's fair, thanks for the update @cutler-scott-newrelic and all the best with the little one :-)