ruxailab / RUXAILAB

RUXAILAB - Usability Testing and Heuristics Evaluation Conceptual learning
MIT License

gitguardian action #475

Open sergiobeltranguerrero opened 4 months ago

sergiobeltranguerrero commented 4 months ago

Implementing GitGuardian for Code Secret Protection

Benefits of Using GitGuardian

Implementing GitGuardian in our repository offers the following key benefits:

  1. Real-Time Secret Detection:
    • GitGuardian automatically scans our code for secrets such as API keys, credentials, and tokens that may have been inadvertently exposed.

  2. Prevention of Data Leaks:
    • By identifying and alerting on potential exposed secrets, we can prevent data leaks that could lead to unauthorized access and security breaches.
  3. Compliance and Security:
    • Keeping our repository free of secrets helps comply with security best practices and regulatory compliance policies, ensuring our organization follows appropriate standards for managing sensitive information.
  4. Centralized Incident Dashboard:
    • GitGuardian provides an intuitive dashboard where we can view and manage all security incidents detected in our repository. This enables us to monitor, investigate, and quickly resolve any issues related to secret exposure.

Instructions for Generating and Adding the GitGuardian API Key

To configure GitGuardian in this repository, we need an API key. Follow these steps to generate and add it to GitHub secrets:

  1. Create a GitGuardian Account:

    • If you don't already have one, sign up for a GitGuardian account and follow the instructions to create your account.
  2. Generate an API Key:

    • Once logged in to GitGuardian, go to the account settings section and look for the option to generate a new API key.
    • Give your API key a name for easy identification (e.g., "GitHub Actions API Key") and create the key.
  3. Add the API Key to GitHub Secrets:

    • Go to your repository on GitHub.
    • Navigate to the "Settings" tab of the repository.
    • In the left-hand menu, select "Secrets and variables" and then "Actions".
    • Click "New repository secret" to create a new secret.
    • Enter GITGUARDIAN_API_KEY as the name of the secret.
    • Paste the API key generated in GitGuardian into the value field and save the secret.

Once you've added the API key as a secret, it will be available for GitHub Actions workflows and allow GitGuardian to scan our code securely.
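
The workflow side of the steps above, as an added example that is not part of the original comment or of the RUXAILAB repository: a minimal GitHub Actions workflow that hands the `GITGUARDIAN_API_KEY` repository secret to GitGuardian's published `ggshield-action`. The file path, workflow name and job name are assumptions.

```yaml
# .github/workflows/gitguardian.yml  (assumed path; not taken from this PR)
name: GitGuardian scan

on: [push, pull_request]

# The scan only needs to read the repository contents.
permissions:
  contents: read

jobs:
  scanning:
    name: GitGuardian scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Fetch full history so every commit in the push or PR range
          # can be scanned, not only the tip commit.
          fetch-depth: 0

      - name: GitGuardian scan
        uses: GitGuardian/ggshield-action@v1
        env:
          # Commit range inputs the action uses to decide what to scan.
          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          # Read from the repository secret created in step 3; the key
          # itself never appears in the workflow file or the logs.
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
```

Repository secrets are not passed to workflows triggered by pull requests from forks, so on those runs `GITGUARDIAN_API_KEY` is empty and the scan step cannot authenticate.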

sonarcloud[bot] commented 3 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

github-actions[bot] commented 3 months ago

⚠️ The tests have failed, @jvJUCA Please review the proposed changes.