Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/larryclaman/docker-detect-secrets
https://github.com/larryclaman/docker-detect-secrets
Last synced: about 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/larryclaman/docker-detect-secrets
- Owner: larryclaman
- License: apache-2.0
- Created: 2020-12-15T20:19:08.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2020-12-15T21:15:39.000Z (about 4 years ago)
- Last Synced: 2024-10-20T07:36:43.608Z (3 months ago)
- Language: Dockerfile
- Size: 17.6 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: security.txt
Awesome Lists containing this project
README
# About
_Forked from https://github.com/lirantal/docker-detect-secrets_
A docker image to enable invoking of Yelp's [detect-secrets](https://github.com/Yelp/detect-secrets) hook command without having to install the python package.
Find it at: https://github.com/users/larryclaman/packages/container/package/dockerdetectsecrets
# Usage
## Detecting secrets in a project
Runs the `detect-secrets-hook` command for a given git project, with the following options:
- The current directory is assumed to be the .git root directory and so the volume mounts `pwd` to the container's `/usr/src/app` directory
- `src/index.js` and `src/component.js` are files for which will be tested for secrets
```bash
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "src/index.js" "src/component.js"
```
## Detecting secrets in a project that has a baseline
If a project has a previously created `.secrets-baseline` it can be passed as a command argument to the container:
```bash
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "--baseline .secrets-baseline" "src/index.js"
```
## Detecting secrets in a monorepo style project
For projects which exhibit a structure such as:
```
| app
|_ .git/
|_ client/
|_ server/
|_ .secrets-baseline
```
it is required to tweak the execution of `detect-secrets-hook` when it runs in the container image to simulate the exact scenario of it running inside the nested `server/` directory, while mounting the top level application directory:
```bash
docker run -it --rm --name detect-secrets --volume /path/to/root/project/dir:/usr/src/app --workdir "/usr/src/app/server" lirantal/detect-secrets "src/index.js"
```
# Developing
Building the image from the Dockerfile and then you may execute it locally:
```bash
docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --tag detect-secrets .
```
# Author
Liran Tal