Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lirantal/detect-secrets
A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets
detect-secrets git-hooks git-secrets pre-commit secrets yelp
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/lirantal/detect-secrets
- Owner: lirantal
- License: apache-2.0
- Created: 2019-07-02T22:14:18.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-04-07T18:23:58.000Z (over 2 years ago)
- Last Synced: 2024-08-02T19:49:48.977Z (about 2 months ago)
- Topics: detect-secrets, git-hooks, git-secrets, pre-commit, secrets, yelp
- Language: JavaScript
- Size: 1.27 MB
- Stars: 48
- Watchers: 2
- Forks: 4
- Open Issues: 6
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
README
detect-secrets
A developer-friendly secrets detection tool for CI and pre-commit hooks
# About
The `detect-secrets` npm package is a Node.js-based wrapper for Yelp's [detect-secrets](https://github.com/Yelp/detect-secrets) tool that aims to provide an accessible and developer-friendly method of introducing secrets detection in pre-commit hooks.
Yelp's detect-secrets is based on Python and requires explicit installation by developers. Moreover, its installation may be challenging on different operating systems. `detect-secrets` aims to alleviate this challenge with the following steps:
1. Attempt to locate Yelp's detect-secrets tool, and if it exists in the path, execute it.
If that fails:
2. Attempt to locate the docker binary, and if it exists, download and execute the docker container for [lirantal/detect-secrets](https://github.com/lirantal/docker-detect-secrets), which has Yelp's detect-secrets inside the image.
If this fails as well:
3. Exit with a warning message.
--
The above described fallback strategy is used to find an available method of executing the detect-secrets tool to protect the developer from leaking secrets into source code control.
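The fallback order described above, sketched as an added Node.js example (not the project's own code). The binary names `detect-secrets-hook` and `docker` are assumptions, and the function names `findOnPath`, `resolveStrategy` and `describe` are hypothetical.

```javascript
const fs = require('fs');
const path = require('path');

// Assumption: the binary names looked up here. Yelp's Python package installs
// `detect-secrets-hook`; the names the wrapper itself searches for are not on the page.
const NATIVE_BIN = 'detect-secrets-hook';
const DOCKER_BIN = 'docker';

// Return the first executable regular file called `name` in the PATH-style
// string `pathVar`, or null. Directories and non-executable files are skipped.
function findOnPath(name, pathVar) {
  const exts = process.platform === 'win32' ? ['.exe', '.cmd', '.bat', ''] : [''];
  for (const dir of pathVar.split(path.delimiter).filter(Boolean)) {
    for (const ext of exts) {
      const candidate = path.join(dir, name + ext);
      try {
        if (!fs.statSync(candidate).isFile()) continue;
        fs.accessSync(candidate, fs.constants.X_OK);
        return candidate;
      } catch (err) {
        // missing or not executable: try the next candidate
      }
    }
  }
  return null;
}

// Steps 1-3 of the fallback: native tool, then docker, then give up.
function resolveStrategy(pathVar = process.env.PATH || '') {
  const native = findOnPath(NATIVE_BIN, pathVar);
  if (native) return { kind: 'native', bin: native };
  const docker = findOnPath(DOCKER_BIN, pathVar);
  // Image name as written in the page's link text.
  if (docker) return { kind: 'docker', bin: docker, image: 'lirantal/detect-secrets' };
  return { kind: 'none', bin: null };
}

// Hypothetical reporting helper: with kind 'none' nothing scans the staged
// files, so that outcome is stated loudly instead of passing silently.
function describe(strategy) {
  if (strategy.kind === 'none') {
    return 'WARNING: no detect-secrets or docker found; files were NOT scanned';
  }
  return `scanning with ${strategy.kind} (${strategy.bin})`;
}

console.log(describe(resolveStrategy()));
```

A CI job can treat the `none` result as a failure so that a missing scanner never looks like a clean scan.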
# Install
```bash
npm install --save detect-secrets
```
This will expose the `detect-secrets-launcher` Node.js executable file.
Another way to invoke it is with npx which will download and execute the detect-secrets wrapper on the fly:
```bash
npx detect-secrets [arguments]
```
# Usage
If you're using `husky` to manage pre-commit hooks configuration, then enabling secrets detection is as simple as adding another hook entry.
```json
{
  "husky": {
    "hooks": {
      "pre-commit": "detect-secrets-launcher src/*"
    }
  }
}
```
If you're using `husky` and `lint-staged` to manage pre-commit hooks configuration and running static code analysis on staged files, then enabling secrets detection is as simple as adding another lint-staged entry.
A typical setup looks like this:
```json
{
  "husky": {
    "hooks": {
      "pre-commit": "lint-staged"
    }
  },
  "lint-staged": {
    "linters": {
      "**/*.js": [
        "detect-secrets-launcher --baseline .secrets-baseline"
      ]
    }
  }
}
```
If you're not using a baseline file (it is created using Yelp's server-side detect-secrets tool) then you can simply omit it and keep it as simple as `detect-secrets-launcher`.
# Example
To scan the `index.js` file within a repository for potentially leaked secrets, run the following:
```bash
detect-secrets-launcher index.js
```
Note that `index.js` has to be staged and under version control. Any other plain file that is not known to git will not be scanned.
# Contributing
Please consult [CONTRIBUTING](./CONTRIBUTING.md) for guidelines on contributing to this project.
# Author
**detect-secrets** © [Liran Tal](https://github.com/lirantal), Released under the [Apache-2.0](./LICENSE) License.