Skip to content

Commit

Permalink
Merge pull request #318 from MannLabs/add-check-for-secrets
Browse files Browse the repository at this point in the history 
add detect-secrets pre-commit hook
  • Loading branch information
@mschwoer
mschwoer authored Sep 12, 2024
2 parents 760fd38 + 6809816 commit dd5e5fa
Show file tree
Hide file tree
Showing 3 changed files with 173 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,5 @@ build_pyinstaller
.vscode

**/.ipynb_checkpoints

**/*secrets.toml
7 changes: 7 additions & 0 deletions .pre-commit-config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,10 @@ repos:
hooks:
- id: ruff-format
# - id: ruff
- repo: https://github.com/Yelp/detect-secrets
rev: v1.5.0
hooks:
- id: detect-secrets
# exclude-lines are to avoid false positives in notebooks
args: ['--baseline', '.secrets.baseline', '--exclude-lines', '"(hash|id|image/\w+)":.*' ]
exclude: testfiles
164 changes: 164 additions & 0 deletions .secrets.baseline
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,164 @@
{
"version": "1.5.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "DiscordBotTokenDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"name": "GitLabTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "IPPublicDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "OpenAIDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "PypiTokenDetector"
},
{
"name": "SendGridDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TelegramBotTokenDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_baseline_file",
"filename": ".secrets.baseline"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
},
{
"path": "detect_secrets.filters.regex.should_exclude_file",
"pattern": [
"testfiles"
]
},
{
"path": "detect_secrets.filters.regex.should_exclude_line",
"pattern": [
"\"(hash|id|image/\\w+)\":.*"
]
}
],
"results": {
"alphastats/gui/utils/ollama_utils.py": [
{
"type": "Secret Keyword",
"filename": "alphastats/gui/utils/ollama_utils.py",
"hashed_secret": "8ed4322e8e2790b8c928d381ce8d07cfd966e909",
"is_verified": false,
"line_number": 68,
"is_secret": false
}
],
"docs/workflow_mq.html": [
{
"type": "Base64 High Entropy String",
"filename": "docs/workflow_mq.html",
"hashed_secret": "a5b0e1471957df2229fa14577e981cf10a0e8f28",
"is_verified": false,
"line_number": 19,
"is_secret": false
}
]
},
"generated_at": "2024-09-12T14:19:09Z"
}

0 comments on commit dd5e5fa

Please sign in to comment.