
Commit a9e0788

authored
Merge pull request #149 from IABTechLab/gdm-UID2-1276-secret-scanning
Added pre-commit and trivy scan configs
2 parents dbab583 + f658672 commit a9e0788


4 files changed

+198
-1
lines changed


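--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -1,5 +1,4 @@
 name: Build and Test
-
 on: [pull_request, push, workflow_dispatch]
 
 jobs: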

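--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ build/**
 .DS_Store
 */node_modules/*
 *.iml
+.pre-commit-trivy-cache/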

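--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,15 @@
+repos:
+- repo: https://github.com/mxab/pre-commit-trivy.git
+rev: v0.5.1
+hooks:
+- id: trivyfs-docker
+args:
+- --scanners
+- secret
+- --secret-config
+- /src/trivy-secret.yaml
+- --skip-dirs
+- /src/target
+- --skip-dirs
+- /src/.idea
+- .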
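Review bot: `rev: v0.5.1` pins the third-party hook repository to a tag, which its owner can move; because pre-commit fetches and runs that repository's hook on every contributor's machine, the pin should be a full commit SHA with the tag kept as a comment, e.g. `rev: <commit-sha-of-v0.5.1>  # v0.5.1` (`pre-commit autoupdate --freeze` writes this form). Separately, nothing visible in this commit runs the same scan in CI, since the only workflow change is a removed blank line, so the rules apply only for contributors who have installed the hook; a CI job using the same `trivy-secret.yaml` would close that gap. The absolute `/src/...` paths presumably rely on the hook mounting the repository at `/src`; a one-line comment above `args:` saying so would explain them.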

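--- a/trivy-secret.yaml
+++ b/trivy-secret.yaml
@@ -0,0 +1,182 @@
+rules:
+##################
+# UID2 Admin Key #
+##################
+- id: uid2-admin-key-test
+category: uid2
+title: UID2 - Admin Key - Test
+severity: CRITICAL
+keywords:
+- UID2-A-T
+regex: (?P<secret>UID2-A-T-.{6}\..{38})
+secret-group-name: secret
+- id: uid2-admin-key-integ
+category: uid2
+title: UID2 - Admin Key - Integ
+severity: CRITICAL
+keywords:
+- UID2-A-I
+regex: (?P<secret>UID2-A-I-.{6}\..{38})
+secret-group-name: secret
+- id: uid2-admin-key-prod
+category: uid2
+title: UID2 - Admin Key - Prod
+severity: CRITICAL
+keywords:
+- UID2-A-P
+regex: (?P<secret>UID2-A-P-.{6}\..{38})
+secret-group-name: secret
+
+###################
+# UID2 Client Key #
+###################
+- id: uid2-client-key-test
+category: uid2
+title: UID2 - Client Key - Test
+severity: CRITICAL
+keywords:
+- UID2-C-T
+regex: (?P<secret>UID2-C-T-.{6}\..{38})
+secret-group-name: secret
+- id: uid2-client-key-integ
+category: uid2
+title: UID2 - Client Key - Integ
+severity: CRITICAL
+keywords:
+- UID2-C-I
+regex: (?P<secret>UID2-C-I-.{6}\..{38})
+secret-group-name: secret
+- id: uid2-client-key-prod
+category: uid2
+title: UID2 - Client Key - Prod
+severity: CRITICAL
+keywords:
+- UID2-C-P
+regex: (?P<secret>UID2-C-P-.{6}\..{38})
+secret-group-name: secret
+
+#####################
+# UID2 Operator Key #
+#####################
+- id: uid2-operator-key-test
+category: uid2
+title: UID2 - Operator Key - Test
+severity: CRITICAL
+keywords:
+- UID2-O-T
+regex: (?P<secret>UID2-O-T-.{6}\..{38})
+secret-group-name: secret
+- id: uid2-operator-key-integ
+category: uid2
+title: UID2 - Operator Key - Integ
+severity: CRITICAL
+keywords:
+- UID2-O-I
+regex: (?P<secret>UID2-O-I-.{6}\..{38})
+secret-group-name: secret
+- id: uid2-operator-key-prod
+category: uid2
+title: UID2 - Operator Key - Prod
+severity: CRITICAL
+keywords:
+- UID2-O-P
+regex: (?P<secret>UID2-O-P-.{6}\..{38})
+secret-group-name: secret
+
+##################
+# EUID Admin Key #
+##################
+- id: euid-admin-key-test
+category: euid
+title: EUID - Admin Key - Test
+severity: CRITICAL
+keywords:
+- EUID-A-T
+regex: (?P<secret>EUID-A-T-.{6}\..{38})
+secret-group-name: secret
+- id: euid-admin-key-integ
+category: euid
+title: EUID - Admin Key - Integ
+severity: CRITICAL
+keywords:
+- EUID-A-I
+regex: (?P<secret>EUID-A-I-.{6}\..{38})
+secret-group-name: secret
+- id: euid-admin-key-prod
+category: euid
+title: EUID - Admin Key - Prod
+severity: CRITICAL
+keywords:
+- EUID-A-P
+regex: (?P<secret>EUID-A-P-.{6}\..{38})
+secret-group-name: secret
+
+###################
+# EUID Client Key #
+###################
+- id: euid-client-key-test
+category: euid
+title: EUID - Client Key - Test
+severity: CRITICAL
+keywords:
+- EUID-C-T
+regex: (?P<secret>EUID-C-T-.{6}\..{38})
+secret-group-name: secret
+- id: euid-client-key-integ
+category: euid
+title: EUID - Client Key - Integ
+severity: CRITICAL
+keywords:
+- EUID-C-I
+regex: (?P<secret>EUID-C-I-.{6}\..{38})
+secret-group-name: secret
+- id: euid-client-key-prod
+category: euid
+title: EUID - Client Key - Prod
+severity: CRITICAL
+keywords:
+- EUID-C-P
+regex: (?P<secret>EUID-C-P-.{6}\..{38})
+secret-group-name: secret
+
+#####################
+# EUID Operator Key #
+#####################
+- id: euid-operator-key-test
+category: euid
+title: EUID - Operator Key - Test
+severity: CRITICAL
+keywords:
+- EUID-O-T
+regex: (?P<secret>EUID-O-T-.{6}\..{38})
+secret-group-name: secret
+- id: euid-operator-key-integ
+category: euid
+title: EUID - Operator Key - Integ
+severity: CRITICAL
+keywords:
+- EUID-O-I
+regex: (?P<secret>EUID-O-I-.{6}\..{38})
+secret-group-name: secret
+- id: euid-operator-key-prod
+category: euid
+title: EUID - Operator Key - Prod
+severity: CRITICAL
+keywords:
+- EUID-O-P
+regex: (?P<secret>EUID-O-P-.{6}\..{38})
+secret-group-name: secret
+
+disable-allow-rules:
+- tests
+- examples
+- vendor
+- usr-dirs
+- locale-dir
+- markdown
+- node.js
+- golang
+- python
+- rubygems
+- wordpress
+- anaconda-log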
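Review bot: Every rule's `regex` uses `.` for the key body (`.{6}\..{38}`), so any 45 characters after the prefix match, spaces included; the captured `secret` group can then run past a shorter token into the surrounding text, and a line that merely mentions a prefix is reported as CRITICAL. If keys never contain whitespace (the key alphabet is not shown in this commit, so confirm first), a bounded class is tighter, e.g. `regex: (?P<secret>UID2-A-T-\S{6}\.\S{38})`, applied to all 18 rules. A header comment stating the layout the rules assume, `# <UID2|EUID>-<A|C|O>-<T|I|P>-<6 chars>.<38 chars>`, would let a maintainer check the patterns against the key generator. `disable-allow-rules` switches off Trivy's built-in allow rules, so test, example and vendor paths are scanned as well; a comment above that key, such as `# scan fixtures and vendored code too`, would record the intent.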
