https://github.com/statcan/aaw-kubeflow-pipelines-secret-scanner

Scan all Kubeflow pipelines for exposed secrets
https://github.com/statcan/aaw-kubeflow-pipelines-secret-scanner

aaw daaas kfp kubernetes

Last synced: 3 months ago
JSON representation

Scan all Kubeflow pipelines for exposed secrets

• Host: GitHub
• URL: https://github.com/statcan/aaw-kubeflow-pipelines-secret-scanner
• Owner: StatCan
• License: gpl-2.0
• Created: 2021-02-25T21:56:44.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2021-04-20T14:39:29.000Z (about 4 years ago)
• Last Synced: 2025-02-01T10:44:21.393Z (5 months ago)
• Topics: aaw, daaas, kfp, kubernetes
• Language: Python
• Homepage:
• Size: 564 KB
• Stars: 2
• Watchers: 10
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: COPYING

Awesome Lists containing this project

README

        
# kfp-secret-scanner

Scan for Kubeflow pipelines secrets. 

## How to use it

1. Push the `app` to `$REGISTRY/kfp-secret-scanner:$VERSION`

2. Configure the `chart/values.yaml` file accordingly

3. Create the `elastic-creds` secret using `create-elk-secret.sh` (it will prompt you)

4. Deploy the helm chart as you please, adding the `imagePullSecret` and namespace, probably.

5. If you want, trigger a manual run with `./manual-run.sh -n $NAMESPACE`

Then voila! Check kibana.

![Screenshot](screenshot.png)

![Alerts](alerts.png)

# Attribution

The secret scanner borrows from [Trufflehog](https://github.com/dxa4481/truffleHog), and 

the code and inspiration for scraping the kubeflow pipelines API came from [@wg102's repo](https://github.com/wg102/kubeflow_pipeline_detection).