From 15a2145d9a7f8e55e0b5d407dddce4825fc3a749 Mon Sep 17 00:00:00 2001
From: Jonathan Harden
Date: Mon, 19 Feb 2024 13:50:39 +0000
Subject: [PATCH] PP-11218: Update to meet GOV.UK Pay minimum new repo standards

---
 .github/dependabot.yml | 33 +++++++++
 .pre-commit-config.yaml | 6 ++
 .secrets.baseline | 147 ++++++++++++++++++++++++++++++++++++++++
 README.md | 8 +++
 4 files changed, 194 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 .secrets.baseline

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..983e2b3
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,33 @@
+---
+version: 2
+updates:
+- package-ecosystem: gomod
+ directory: "/"
+ schedule:
+ interval: daily
+ time: "03:00"
+ open-pull-requests-limit: 0
+ labels:
+ - dependencies
+ - govuk-pay
+ - go
+- package-ecosystem: docker
+ directory: "/"
+ schedule:
+ interval: daily
+ time: "03:00"
+ open-pull-requests-limit: 10
+ labels:
+ - dependencies
+ - govuk-pay
+ - docker
+- package-ecosystem: github-actions
+ directory: "/"
+ schedule:
+ interval: daily
+ time: "03:00"
+ open-pull-requests-limit: 0
+ labels:
+ - dependencies
+ - govuk-pay
+ - github_actions
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..aec0188
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+repos:
+ - repo: https://github.com/Yelp/detect-secrets
+ rev: v1.4.0
+ hooks:
+ - id: detect-secrets
+ args: [ '--baseline', '.secrets.baseline' ]
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..5509ed9
--- /dev/null
+++ b/.secrets.baseline
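Review bot: `open-pull-requests-limit: 0` on the gomod and github-actions entries turns Dependabot version updates off for those two ecosystems, so of the three blocks in this hunk only the docker one (limit 10) will ever open a non-security update PR; as far as I recall the Dependabot docs, security updates are governed by a separate internal limit and are unaffected, but that is worth confirming before relying on it. If the 0 is the intended org standard, a comment beside each such entry, e.g. `# 0 = version updates disabled for this ecosystem; security updates are still raised`, would stop a later contributor "fixing" it, since a daily `schedule` on an ecosystem that can never open a PR reads as a mistake. Note also that `time: "03:00"` is read as UTC unless a `timezone` key is added to the schedule.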
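Review bot: `rev: v1.4.0` pins the detect-secrets hook to a git tag, which the upstream repository can move or delete, so the hook code that runs on every developer's machine is not an immutable reference; pre-commit accepts a full commit SHA in `rev`, e.g. `rev: <full commit SHA that the v1.4.0 tag resolves to>  # v1.4.0`, which keeps the version readable while making the pin content-addressed. Separately, this hook only runs on machines where `pre-commit install` has been executed and only inspects staged changes, so it is a convenience rather than an enforcing control; if the repo standard intends the scan to be mandatory, a CI step running `pre-commit run --all-files` (or detect-secrets directly against `.secrets.baseline`) is what would enforce it. The README hunk in this commit does not mention installing the hook, which is where new contributors would look.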
@@ -0,0 +1,147 @@
+{
+ "version": "1.4.0",
+ "plugins_used": [
+ {
+ "name": "ArtifactoryDetector"
+ },
+ {
+ "name": "AWSKeyDetector"
+ },
+ {
+ "name": "AzureStorageKeyDetector"
+ },
+ {
+ "name": "Base64HighEntropyString",
+ "limit": 4.5
+ },
+ {
+ "name": "BasicAuthDetector"
+ },
+ {
+ "name": "CloudantDetector"
+ },
+ {
+ "name": "DiscordBotTokenDetector"
+ },
+ {
+ "name": "GitHubTokenDetector"
+ },
+ {
+ "name": "HexHighEntropyString",
+ "limit": 3.0
+ },
+ {
+ "name": "IbmCloudIamDetector"
+ },
+ {
+ "name": "IbmCosHmacDetector"
+ },
+ {
+ "name": "JwtTokenDetector"
+ },
+ {
+ "name": "KeywordDetector",
+ "keyword_exclude": ""
+ },
+ {
+ "name": "MailchimpDetector"
+ },
+ {
+ "name": "NpmDetector"
+ },
+ {
+ "name": "PrivateKeyDetector"
+ },
+ {
+ "name": "SendGridDetector"
+ },
+ {
+ "name": "SlackDetector"
+ },
+ {
+ "name": "SoftlayerDetector"
+ },
+ {
+ "name": "SquareOAuthDetector"
+ },
+ {
+ "name": "StripeDetector"
+ },
+ {
+ "name": "TwilioKeyDetector"
+ }
+ ],
+ "filters_used": [
+ {
+ "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+ },
+ {
+ "path": "detect_secrets.filters.common.is_baseline_file",
+ "filename": ".secrets.baseline"
+ },
+ {
+ "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+ "min_level": 2
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_lock_file"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_sequential_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_swagger_file"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_templated_secret"
+ }
+ ],
+ "results": {
+
"docker-compose-with-concourse.yml": [
+ {
+ "type": "Secret Keyword",
+ "filename": "docker-compose-with-concourse.yml",
+ "hashed_secret": "ca66bfecf61fa20a7f2042ed06f5c90b38e696cd",
+ "is_verified": false,
+ "line_number": 34,
+ "is_secret": false
+ }
+ ],
+ "examples/simple-pipeline.yml": [
+ {
+ "type": "Secret Keyword",
+ "filename": "examples/simple-pipeline.yml",
+ "hashed_secret": "d033e22ae348aeb5660fc2140aec35850c4da997",
+ "is_verified": false,
+ "line_number": 14,
+ "is_secret": false
+ }
+ ],
+ "pkg/out/out_test.go": [
+ {
+ "type": "Secret Keyword",
+ "filename": "pkg/out/out_test.go",
+ "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+ "is_verified": false,
+ "line_number": 33,
+ "is_secret": false
+ }
+ ]
+ },
+ "generated_at": "2024-02-19T13:47:06Z"
+}
diff --git a/README.md b/README.md
index bf4ac1f..2582c4c 100644
--- a/README.md
+++ b/README.md
@@ -194,3 +194,11 @@ docker-compose down
 which will ensure that all software components are present, built, and ready to test against.
+
+## Licence
+
+[MIT License](LICENSE)
+
+## Vulnerability Disclosure
+
+GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. Please refer to our [vulnerability disclosure policy](https://www.gov.uk/help/report-vulnerability) and our [security.txt](https://vdp.cabinetoffice.gov.uk/.well-known/security.txt) file for details.
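Review bot: All three entries under `results` are recorded with `"is_secret": false`, which makes this baseline an allowlist — detect-secrets will suppress these exact values at these paths from now on — so each suppression needs a stated justification the hunk does not carry. The `pkg/out/out_test.go` and `examples/simple-pipeline.yml` hashes (`5baa61e4…` and `d033e22a…`) look like the well-known SHA-1 digests of the literal strings "password" and "admin", which supports treating them as placeholders, but the `docker-compose-with-concourse.yml` line-34 value (`ca66bfec…`) is not recognisable from its hash, and a real credential there would now be hidden from future scans; it is worth confirming it is a dummy value and, if it is not, rotating it rather than baselining it. Because JSON cannot carry comments, the reasoning behind these false-positive decisions belongs in the README next to a note on re-running `detect-secrets audit .secrets.baseline` when new findings appear. This hunk starts on the previous physical line and is the whole of the new file.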