praetorian-inc / chariot-ui

Chariot Offensive Security Platform
https://preview.chariot.praetorian.com
MIT License

name github secrets scanning risks according to NP rule #74

Closed praetorian-matt-schneider closed 2 weeks ago

praetorian-matt-schneider commented 2 weeks ago

Feature Description: When a secrets scanning detection occurs, name the risk according to the NP rule. This would look like `telegram-token` or `generic-password`.

Problem: Current GitHub secrets scanning detections are named according to the filename and line number. This naming convention does not indicate the nature of the risk, which can be confusing for users. This also makes generating risk descriptions and recommendations difficult because a new description would need to be generated and associated with virtually every new detection.

Here is an example list of GitHub secrets detection risks: [image]

Here is an example NP finding: [image]

Note the Rule Name field boxed in red - this is what may be a more appropriate naming source for secrets detection finding names.
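As an added illustration of the two naming schemes (example code, not from chariot-ui or chaos): the finding shape, the rule names and the recommendation text below are constructed, and the kebab-case derivation is an assumed way to turn an NP rule name into a risk name.

```typescript
// Assumed shape of a secrets-scanning finding (field names are hypothetical).
interface Finding {
  ruleName: string; // constructed NP-style rule name, e.g. "Telegram Token"
  path: string;
  line: number;
}

// Current scheme described in the issue: one risk name per file location.
function locationRiskName(f: Finding): string {
  return `${f.path}:${f.line}`;
}

// Proposed scheme: a kebab-case identifier derived from the rule name.
function ruleRiskName(f: Finding): string {
  return f.ruleName
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, "-") // collapse spaces and punctuation into "-"
    .replace(/^-+|-+$/g, "");    // trim leading/trailing "-"
}

// Group findings by whichever naming function is in use.
function groupByRisk(
  findings: Finding[],
  nameOf: (f: Finding) => string,
): Map<string, Finding[]> {
  const groups = new Map<string, Finding[]>();
  for (const f of findings) {
    const key = nameOf(f);
    const bucket = groups.get(key) ?? [];
    bucket.push(f);
    groups.set(key, bucket);
  }
  return groups;
}

// Constructed sample findings (not real detections).
const sampleFindings: Finding[] = [
  { ruleName: "Telegram Token", path: "src/bot.ts", line: 12 },
  { ruleName: "Telegram Token", path: "config/dev.env", line: 3 },
  { ruleName: "Generic Password", path: "config/dev.env", line: 7 },
  { ruleName: "Generic Password", path: "scripts/deploy.sh", line: 41 },
];

// Guidance keyed by rule-derived name: one entry per rule, not per detection.
const recommendations: Record<string, string> = {
  "telegram-token": "Revoke the bot token and load a new one from a secrets manager.",
  "generic-password": "Rotate the credential and stop committing it to the repository.",
};

function recommendationFor(f: Finding): string | undefined {
  return recommendations[ruleRiskName(f)];
}
```

Grouping the four sample findings yields four risk names under the location scheme but only two under the rule scheme, which is what lets a single description and recommendation cover every detection of the same rule.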

praetorian-rad commented 2 weeks ago

Addressed in https://github.com/praetorian-inc/chaos/pull/868

praetorian-matt-schneider commented 2 weeks ago

Thank you!