From 12c8fb715ab3b6e9e0ebdcbef4b736af249123b3 Mon Sep 17 00:00:00 2001 From: Dinne Kopelevich Date: Fri, 17 Jan 2025 09:22:40 -0700 Subject: [PATCH 1/2] Add links to bulkextrator tiers 2,3,4 Signed-off-by: Dinne Kopelevich --- tier2/checklist.md | 6 ++++-- tier3/checklist.md | 2 ++ tier4/checklist.md | 2 ++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tier2/checklist.md b/tier2/checklist.md index 232988f..9b6a511 100644 --- a/tier2/checklist.md +++ b/tier2/checklist.md @@ -126,7 +126,8 @@ Below is a list of suggested tools to run for code analysis: | --------------- | -------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Repo Linter | Lint repositories for common issues such as missing files,etc... | https://github.com/todogroup/repolinter | | Gitleaks | Protect and discover secrets using Gitleaks ๐Ÿ”‘ | https://github.com/gitleaks/gitleaks
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier2/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | -| git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | #### Results @@ -166,7 +167,8 @@ Consider using the following tools to perform the tasks above: | Tool | Description | Link | | --------------- | ------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | gitleaks | Open source tool that detects and prevents secrets (passwords/api/ssh keys) checked-in to your git repo | https://github.com/gitleaks/gitleaks
[What is git leaks and how to use it?](https://akashchandwani.medium.com/what-is-gitleaks-and-how-to-use-it-a05f2fb5b034)
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier2/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | -| git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | #### Results diff --git a/tier3/checklist.md b/tier3/checklist.md index 037e286..4db83b7 100644 --- a/tier3/checklist.md +++ b/tier3/checklist.md @@ -154,6 +154,7 @@ Below is a list of suggested tools to run for code analysis: | Repo Linter | Lint repositories for common issues such as missing files,etc... | https://github.com/todogroup/repolinter | | Gitleaks | Protect and discover secrets using Gitleaks๐Ÿ”‘ | https://github.com/gitleaks/gitleaks
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | #### Results @@ -195,6 +196,7 @@ Consider using the following tools to perform the tasks above: | --------------- | ------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | gitleaks | Open source tool that detects and prevents secrets (passwords/api/ssh keys) checked-in to your git repo | https://github.com/gitleaks/gitleaks
[What is git leaks and how to use it?](https://akashchandwani.medium.com/what-is-gitleaks-and-how-to-use-it-a05f2fb5b034)
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | #### Results diff --git a/tier4/checklist.md b/tier4/checklist.md index 3ddb66a..df2e458 100644 --- a/tier4/checklist.md +++ b/tier4/checklist.md @@ -155,6 +155,7 @@ Below is a list of suggested tools to run for code analysis: | Repo Linter | Lint repositories for common issues such as missing files,etc... | https://github.com/todogroup/repolinter | | Gitleaks | Protect and discover secrets using Gitleaks ๐Ÿ”‘ | https://github.com/gitleaks/gitleaks
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier4/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | #### Results @@ -197,6 +198,7 @@ Consider using the following tools to perform the tasks above: | --------------- | ------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | gitleaks | Open source tool that detects and prevents secrets (passwords/api/ssh keys) checked-in to your git repo | https://github.com/gitleaks/gitleaks
[What is git leaks and how to use it?](https://akashchandwani.medium.com/what-is-gitleaks-and-how-to-use-it-a05f2fb5b034)
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier4/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | #### Results From da013f8dac5f0755af85f18f0bfbcf08e991789c Mon Sep 17 00:00:00 2001 From: Dinne Kopelevich Date: Fri, 24 Jan 2025 10:18:05 -0700 Subject: [PATCH 2/2] Update bulk-extractor to point to OSPO Guide Signed-off-by: Dinne Kopelevich --- tier2/checklist.md | 4 ++-- tier3/checklist.md | 4 ++-- tier4/checklist.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tier2/checklist.md b/tier2/checklist.md index 9b6a511..837cd95 100644 --- a/tier2/checklist.md +++ b/tier2/checklist.md @@ -127,7 +127,7 @@ Below is a list of suggested tools to run for code analysis: | Repo Linter | Lint repositories for common issues such as missing files,etc... | https://github.com/todogroup/repolinter | | Gitleaks | Protect and discover secrets using Gitleaks ๐Ÿ”‘ | https://github.com/gitleaks/gitleaks
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier2/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | -| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | [Bulk_extractor Official Documentation](https://github.com/simsong/bulk_extractor)
[OSPO Guide Documentation](https://github.com/DSACMS/ospo-guide/blob/main/outbound/bulk_extractor.md) | #### Results @@ -168,7 +168,7 @@ Consider using the following tools to perform the tasks above: | --------------- | ------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | gitleaks | Open source tool that detects and prevents secrets (passwords/api/ssh keys) checked-in to your git repo | https://github.com/gitleaks/gitleaks
[What is git leaks and how to use it?](https://akashchandwani.medium.com/what-is-gitleaks-and-how-to-use-it-a05f2fb5b034)
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier2/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | -| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | [Bulk_extractor Official Documentation](https://github.com/simsong/bulk_extractor)
[OSPO Guide Documentation](https://github.com/DSACMS/ospo-guide/blob/main/outbound/bulk_extractor.md) | #### Results diff --git a/tier3/checklist.md b/tier3/checklist.md index 4db83b7..45de00a 100644 --- a/tier3/checklist.md +++ b/tier3/checklist.md @@ -154,7 +154,7 @@ Below is a list of suggested tools to run for code analysis: | Repo Linter | Lint repositories for common issues such as missing files,etc... | https://github.com/todogroup/repolinter | | Gitleaks | Protect and discover secrets using Gitleaks๐Ÿ”‘ | https://github.com/gitleaks/gitleaks
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | -| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | [Bulk_extractor Official Documentation](https://github.com/simsong/bulk_extractor)
[OSPO Guide Documentation](https://github.com/DSACMS/ospo-guide/blob/main/outbound/bulk_extractor.md) | #### Results @@ -196,7 +196,7 @@ Consider using the following tools to perform the tasks above: | --------------- | ------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | gitleaks | Open source tool that detects and prevents secrets (passwords/api/ssh keys) checked-in to your git repo | https://github.com/gitleaks/gitleaks
[What is git leaks and how to use it?](https://akashchandwani.medium.com/what-is-gitleaks-and-how-to-use-it-a05f2fb5b034)
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier3/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | -| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | [Bulk_extractor Official Documentation](https://github.com/simsong/bulk_extractor)
[OSPO Guide Documentation](https://github.com/DSACMS/ospo-guide/blob/main/outbound/bulk_extractor.md) | #### Results diff --git a/tier4/checklist.md b/tier4/checklist.md index df2e458..b9f2144 100644 --- a/tier4/checklist.md +++ b/tier4/checklist.md @@ -155,7 +155,7 @@ Below is a list of suggested tools to run for code analysis: | Repo Linter | Lint repositories for common issues such as missing files,etc... | https://github.com/todogroup/repolinter | | Gitleaks | Protect and discover secrets using Gitleaks ๐Ÿ”‘ | https://github.com/gitleaks/gitleaks
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier4/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | -| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | [Bulk_extractor Official Documentation](https://github.com/simsong/bulk_extractor)
[OSPO Guide Documentation](https://github.com/DSACMS/ospo-guide/blob/main/outbound/bulk_extractor.md) | #### Results @@ -198,7 +198,7 @@ Consider using the following tools to perform the tasks above: | --------------- | ------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | gitleaks | Open source tool that detects and prevents secrets (passwords/api/ssh keys) checked-in to your git repo | https://github.com/gitleaks/gitleaks
[What is git leaks and how to use it?](https://akashchandwani.medium.com/what-is-gitleaks-and-how-to-use-it-a05f2fb5b034)
Use and run [gitleaks.yml](https://github.com/DSACMS/repo-scaffolder/blob/main/tier4/%7B%7Bcookiecutter.project_slug%7D%7D/.github/workflows/gitleaks.yml) provided in repository | | git filter-repo | Entirely remove unwanted files / files with sensitive data from a repository's history | https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository | -| Bulk_extractor | Check for secrets, URLs, emails, etc. | https://github.com/simsong/bulk_extractor https://docs.google.com/document/d/1ENQzI3ea3o9izOPu0sghwk1FU8TReVoCHlt21NoIKZQ/edit?tab=t.0#heading=h.4wtx3g49kbj0 | +| Bulk_extractor | Check for secrets, URLs, emails, etc. | [Bulk_extractor Official Documentation](https://github.com/simsong/bulk_extractor)
[OSPO Guide Documentation](https://github.com/DSACMS/ospo-guide/blob/main/outbound/bulk_extractor.md) | #### Results