https://github.com/lirantal/docker-detect-secrets
A Docker image for Yelp's detect-secrets Python application
- Host: GitHub
- URL: https://github.com/lirantal/docker-detect-secrets
- Owner: lirantal
- License: apache-2.0
- Created: 2019-05-21T16:20:39.000Z (almost 6 years ago)
- Default Branch: main
- Last Pushed: 2024-03-02T19:42:45.000Z (about 1 year ago)
- Last Synced: 2024-03-03T00:24:48.828Z (about 1 year ago)
- Topics: detect-secrets, docker, git, secrets
- Language: Dockerfile
- Size: 19.5 KB
- Stars: 5
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: security.txt
README
# About
A Docker image for invoking the hook command of Yelp's [detect-secrets](https://github.com/Yelp/detect-secrets) without having to install the Python package.
This image is deployed to Docker Hub at: https://hub.docker.com/r/lirantal/detect-secrets
# Usage
## Detecting secrets in a project
The command below runs `detect-secrets-hook` for a given git project, with the following options:
- The current directory is assumed to be the git root directory (the one containing `.git`), so the volume mounts the output of `pwd` to the container's `/usr/src/app` directory
- `src/index.js` and `src/component.js` are the files that will be tested for secrets

```bash
docker run -it --rm --name detect-secrets --volume "$(pwd)":/usr/src/app lirantal/detect-secrets "src/index.js" "src/component.js"
```

## Detecting secrets in a project that has a baseline
If a project has a previously created `.secrets-baseline` it can be passed as a command argument to the container:
```bash
docker run -it --rm --name detect-secrets --volume "$(pwd)":/usr/src/app lirantal/detect-secrets "--baseline .secrets-baseline" "src/index.js"
```

## Detecting secrets in a monorepo style project
For projects which exhibit a structure such as:
```
| app
|_ .git/
|_ client/
|_ server/
|_ .secrets-baseline
```

it is required to tweak the execution of `detect-secrets-hook` when it runs in the container image to simulate the exact scenario of it running inside the nested `server/` directory, while mounting the top level application directory:
```bash
docker run -it --rm --name detect-secrets --volume /path/to/root/project/dir:/usr/src/app --workdir "/usr/src/app/server" lirantal/detect-secrets "src/index.js"
```

# Developing
Build the image from the Dockerfile, after which you can run it locally:
```bash
docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --tag detect-secrets .
```

# Author
Liran Tal
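
# Example: running the image from a pre-commit hook
The commands under Usage name the files to scan by hand. As an added example (not code from this project), the script below is a git `pre-commit` hook that passes the staged files to the image and adds the baseline argument when `.secrets-baseline` exists in the repository root. The `DOCKER` override variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the project): git pre-commit hook that scans
# staged files with the lirantal/detect-secrets image.
set -eu

DOCKER=${DOCKER:-docker}   # assumption: lets a stub replace docker in tests
IMAGE="lirantal/detect-secrets"
MOUNT="/usr/src/app"

# scan_files ROOT FILE...
# Mounts ROOT at $MOUNT and passes FILE... (relative to ROOT) to the image.
scan_files() {
  root=$1; shift
  # Pass the baseline in the same single-argument form the README uses.
  if [ -f "$root/.secrets-baseline" ]; then
    set -- "--baseline .secrets-baseline" "$@"
  fi
  # No -it here: docker rejects -t when stdin is not a terminal, as can
  # happen inside a hook.
  "$DOCKER" run --rm --volume "$root:$MOUNT" "$IMAGE" "$@"
}

# Collect staged paths (added, copied, modified, renamed) and scan them.
# Paths containing newlines are not supported by this line-based loop.
main() {
  root=$(git rev-parse --show-toplevel)
  list=$(git -c core.quotePath=false diff --cached --name-only --diff-filter=ACMR)
  [ -n "$list" ] || return 0
  set --
  while IFS= read -r f; do
    set -- "$@" "$f"
  done <<EOF
$list
EOF
  scan_files "$root" "$@"
}

# Run only when installed as .git/hooks/pre-commit; a non-zero exit from
# the container aborts the commit.
case "$0" in
  *pre-commit) main ;;
esac
```

The container reads the working tree through the mount, so a file with unstaged edits is scanned as it is on disk, not as it is staged.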