praetorian-inc / chariot-ui

Chariot Offensive Security Platform
https://preview.chariot.praetorian.com
MIT License

Wildcard Hydration #192

Open Ameston opened 2 days ago

Ameston commented 2 days ago

Problem: Currently, NP scans generate a large number of uniquely titled risks, such as git-secrets-generic:HEX. As a result, we'd need to add a unique definitions file for each risk (since the names are all different), which would cause a lot of bloat in the system.

Preferred Solution: Enable the hydration of NP findings through a single definition. We may opt for a single definition per NP rule, but I suspect that will also be hard to manage. We can fast-follow the initial solution if necessary. I'm also open to any other suggestions/systems. Thank you!

noah-tutt-praetorian commented 2 days ago

@praetorian-rad can confirm, but I believe we named the risks that way so that different definition files were possible - if that behavior isn't needed, we can likely simplify the name back to its previous form.

Ameston commented 2 days ago

Gotcha, it looks like there's more than one risk name per rule.


I suspect a nice middle ground would be simply removing the hex string at the end and having one definition per rule. @praetorian-matt-schneider gets back next week, and I'd like to get his input (he explored secret scanning the most in old Chariot), so let's punt till Monday.
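The thread floats two shapes for hydration: a single wildcard definition covering all NP findings, and one definition per rule with the trailing hex stripped from names like git-secrets-generic:HEX. The TypeScript below is an added example, not chariot-ui code; the `<rule>:<HEX>` name shape comes from the thread, while the definition-key conventions (`<rule>:*` for a per-rule definition, `*` for a catch-all), the lookup order, and every function name are assumptions made for illustration.

```typescript
// Added example, not part of chariot-ui. The "<rule>:*" and "*" key
// conventions, the fallback order and all names are assumptions.

/** Definition text keyed by risk name, per-rule wildcard, or "*". */
export type DefinitionIndex = Record<string, string>;

/** Matches "<rule>:<hex>", where the rule may itself contain colons
 *  (the greedy group claims everything up to the last colon). */
const HEX_SUFFIX = /^(.*):([0-9a-fA-F]+)$/;

/** Own-property check; a plain `in` would also match prototype keys
 *  such as "constructor" and hydrate garbage for a hostile risk name. */
function hasOwn(obj: object, key: string): boolean {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

/** Strip a trailing ":<hex>" instance suffix, leaving the rule name.
 *  Names with no hex suffix are returned unchanged. */
export function ruleOf(riskName: string): string {
  const m = HEX_SUFFIX.exec(riskName);
  return m ? m[1] : riskName;
}

export interface Resolved {
  key: string;                          // definition key that matched
  body: string;                         // definition text
  via: "exact" | "rule" | "catch-all";  // which tier satisfied the lookup
}

/** Resolve a risk name to a definition. Exact keys win, so a bespoke
 *  definition for one instance (the reason the hex suffix exists today)
 *  still works; otherwise fall back to the rule wildcard, then "*". */
export function resolveDefinition(
  riskName: string,
  defs: DefinitionIndex,
): Resolved | undefined {
  if (hasOwn(defs, riskName)) {
    return { key: riskName, body: defs[riskName], via: "exact" };
  }
  const ruleKey = `${ruleOf(riskName)}:*`;
  if (hasOwn(defs, ruleKey)) {
    return { key: ruleKey, body: defs[ruleKey], via: "rule" };
  }
  if (hasOwn(defs, "*")) {
    return { key: "*", body: defs["*"], via: "catch-all" };
  }
  return undefined;
}

/** Constructed sample index: one per-rule definition and a catch-all. */
export const sampleDefinitions: DefinitionIndex = {
  "git-secrets-generic:*":
    "A generic high-entropy secret was found in repository history.",
  "*": "An NP finding without a rule-specific definition.",
};

// Stand-alone usage: three names, three tiers.
for (const name of [
  "git-secrets-generic:3fa9c2e1",
  "some-other-rule:0badf00d",
  "not-hex-suffixed:plain",
]) {
  const r = resolveDefinition(name, sampleDefinitions);
  console.log(name, "->", r ? `${r.via} (${r.key})` : "no definition");
}
```

The only guard against over-stripping is the hex check itself: a rule whose last colon-separated segment happens to be all hex digits would be collapsed too, so if rule names like that exist, tightening HEX_SUFFIX to a minimum length is the obvious next step. Putting the exact-key lookup first keeps the door open for the per-instance definitions that motivated the current naming, without requiring one file per hex suffix.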