A hands-on sandbox for learning GitHub Advanced Security (GHAS) custom secret scanning patterns. Perfect for teams implementing their own token protection rules.

timothywarner-org/globomantics-secret-scanning-sandbox

Globomantics Secret Scanning Sandbox 🤖

A practical sandbox for testing GitHub Advanced Security (GHAS) custom secret scanning patterns

From the Office of the CTO, Globomantics Corp.

Overview

This repository serves as a learning sandbox for implementing and testing custom secret scanning patterns with GitHub Advanced Security. It's specifically designed for teams learning how to protect their unique authentication token formats using GHAS.

🎯 What You'll Learn

  • How to define custom secret scanning patterns
  • Testing your patterns in a safe environment
  • Implementing push protection for custom secrets
  • Best practices for secret pattern definition

🚀 Quick Start

  1. Fork this repository to your organization (the commands below assume you kept the default fork name)
  2. Enable GitHub Advanced Security features. The security_and_analysis fields are nested objects, so send them as a JSON body with --input rather than as flat -f fields, which the API would not interpret as nested keys. Note that advanced_security can only be toggled on private or internal repositories covered by a GHAS license; a public fork already gets secret scanning, so drop that key there:
    echo '{"security_and_analysis":{"advanced_security":{"status":"enabled"},"secret_scanning":{"status":"enabled"},"secret_scanning_push_protection":{"status":"enabled"}}}' \
      | gh api -X PATCH repos/YOUR-ORG/globomantics-secret-scanning-sandbox --input -
  3. Run the test script:
    ./run-secret-test.sh

📋 Custom Pattern Example

This repository includes a sample custom pattern for Globomantics robot authentication tokens:

gbot-(dev|prod)-[A-Fa-f0-9]{16}

This pattern matches our standard robot token format:

  • gbot-dev-0123abcd5678ef90 (dev token)
  • gbot-prod-A1B2C3D4E5F60789 (prod token)

The 16-character suffix must be hexadecimal. Placeholder spellings such as gbot-dev-xxxxabcd5678ef90 do not match the pattern, so do not use them as test fixtures when checking that an alert fires.
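The script below is an added example, not code from this repository: it emulates how GHAS stitches a custom pattern together from its three parts (the secret regex plus the "Before secret" and "After secret" constraints) and runs the Globomantics pattern over constructed sample lines. It assumes the form's default constraints are \A|[^0-9A-Za-z] and \z|[^0-9A-Za-z] (check the custom pattern form in your organization), and it translates Hyperscan's \z to Python's \Z.

```python
"""Local dry run of a GHAS-style custom secret scanning pattern (added example).

A GHAS custom pattern has three parts: the secret regex plus "Before secret"
and "After secret" constraints. Assumption: the form's defaults are
\\A|[^0-9A-Za-z] and \\z|[^0-9A-Za-z], so a token only counts when it is not
glued to other letters or digits. This script combines the parts the way the
scanner does and runs them over sample lines, so a pattern can be checked
before it is published to the organization.
"""
import re
from typing import List, Optional, Tuple

SECRET = r"gbot-(dev|prod)-[A-Fa-f0-9]{16}"  # the Globomantics robot token pattern
BEFORE = r"\A|[^0-9A-Za-z]"   # assumed GitHub default "Before secret"
AFTER = r"\z|[^0-9A-Za-z]"    # assumed GitHub default "After secret" (Hyperscan spelling)


def compile_pattern(secret: str = SECRET, before: str = BEFORE, after: str = AFTER) -> re.Pattern:
    """Combine the three parts into one regex whose group 1 is the secret."""
    # Hyperscan writes end-of-string as \z; Python's re spells it \Z.
    after = after.replace(r"\z", r"\Z")
    return re.compile(rf"(?:{before})({secret})(?={after})")


def find_secrets(text: str, pattern: Optional[re.Pattern] = None) -> List[str]:
    """Return every secret (group 1) the combined pattern finds in text."""
    pattern = pattern or compile_pattern()
    return [m.group(1) for m in pattern.finditer(text)]


def scan_lines(lines: List[str], pattern: Optional[re.Pattern] = None) -> List[Tuple[int, str]]:
    """Dry run over numbered lines, like the alert list in the Security tab."""
    pattern = pattern or compile_pattern()
    return [(n, s) for n, line in enumerate(lines, start=1) for s in find_secrets(line, pattern)]


# Constructed sample lines (not real tokens): two valid formats, an x-placeholder
# spelling, a token glued to a 17-character hex run, and a token with a letter in front.
SAMPLE_LINES = [
    'GBOT_TOKEN=gbot-dev-0123abcd5678ef90',
    'token = "gbot-prod-A1B2C3D4E5F60789"',
    'gbot-dev-xxxxabcd5678ef90',
    'gbot-prod-0123456789abcdef0',
    'xgbot-dev-0123abcd5678ef90',
]

if __name__ == "__main__":
    for n, secret in scan_lines(SAMPLE_LINES):
        print(f"line {n}: {secret}")
    # Without the boundary constraints lines 4 and 5 would also fire.
    print("unconstrained:", scan_lines(SAMPLE_LINES, compile_pattern(before="", after="")))
```

Only the first two sample lines produce alerts with the default constraints; the 17-character hex run and the letter-prefixed token are rejected by the after and before constraints respectively, which is why tightening or loosening those two fields changes your false-positive rate as much as the secret regex itself.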

πŸ” Testing Your Pattern

  1. Check the pattern definition in globomantics-robot-auth-token-formats.md
  2. Use the provided test script: run-secret-test.sh
  3. Monitor results under the repository's Security tab (Secret scanning alerts); a custom pattern only produces alerts once it has been published in the organization or repository settings

📚 Learning Resources

⚠️ Important Notes

  • This is a sandbox environment - perfect for learning and testing
  • Never use real secrets or tokens: anything pushed here is synthetic test data, and a real secret that has been committed must be treated as leaked and rotated even after the commit is removed
  • Pattern testing may take a few minutes to complete, because the scan of existing history runs asynchronously; alerts appear in the Security tab when it finishes
  • Push protection requires additional configuration: enabling push protection on the repository covers GitHub's built-in patterns, and each custom pattern has its own push protection setting that must be switched on after the pattern is published

🤝 Contributing

Found a way to improve the patterns or tests? Submit a PR! We're always looking to enhance our security practices.

📄 License

MIT - See LICENSE for details

Git Hooks Setup

This repository includes Git hooks for security scanning. To enable them, either:

  1. Run the setup script:

    ./setup-hooks.sh
  2. Or manually configure:

    git config core.hooksPath .hooks

The pre-commit hook will:

  • Scan staged files for AWS keys
  • Block commits that contain potential secrets
  • Show which files contain secrets
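The hook below is an added Python example of the behaviour described above, not the repository's own .hooks/pre-commit script. It reads the staged (index) copy of each added, copied or modified file with git show :path, so unstaged working-tree edits do not affect the result, and it uses a hypothetical rule set consisting of the AWS access key ID format and the Globomantics pattern from this sandbox. The sample "staged" content used by --demo is constructed and contains no real credentials.

```python
#!/usr/bin/env python3
"""Pre-commit hook that blocks commits containing likely secrets (added example).

Scans the staged (index) copy of every added, copied or modified file, so what
is checked is exactly what would land in the commit. RULES is a hypothetical
set: the AWS access key ID format and the Globomantics robot token pattern.
Run with --demo to scan the constructed sample instead of the git index.
"""
import re
import subprocess
import sys
from typing import Iterable, List, NamedTuple, Tuple


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    secret: str  # redacted for display


# Byte patterns so files are scanned without decoding errors.
RULES = {
    "aws-access-key-id": re.compile(rb"(?<![A-Za-z0-9])(?:AKIA|ASIA)[0-9A-Z]{16}(?![A-Za-z0-9])"),
    "globomantics-robot-token": re.compile(rb"(?<![A-Za-z0-9])gbot-(?:dev|prod)-[A-Fa-f0-9]{16}(?![A-Za-z0-9])"),
}

# Constructed sample "staged" content for the offline demo (not real credentials).
SAMPLE_STAGED = {
    "config.py": b'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\nGBOT = "gbot-dev-0123abcd5678ef90"\n',
    "README.md": b"Placeholders like gbot-dev-xxxxabcd5678ef90 are not matched.\n",
}


def redact(secret: bytes) -> str:
    """Show only a prefix so the hook output itself does not leak the value."""
    return secret.decode("ascii", "replace")[:8] + "..."


def scan_blob(path: str, data: bytes) -> List[Finding]:
    """Run every rule over each line of data; files that look binary are skipped."""
    if b"\0" in data[:8192]:
        return []
    findings: List[Finding] = []
    for lineno, line in enumerate(data.splitlines(), start=1):
        for rule, regex in RULES.items():
            for match in regex.finditer(line):
                findings.append(Finding(path, lineno, rule, redact(match.group(0))))
    return findings


def collect(blobs: Iterable[Tuple[str, bytes]]) -> List[Finding]:
    """Scan every (path, content) pair and flatten the results."""
    return [f for path, data in blobs for f in scan_blob(path, data)]


def staged_paths() -> List[str]:
    """Paths added/copied/modified in the index, NUL-separated so odd names survive."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM", "-z"],
        check=True, capture_output=True,
    ).stdout
    return [p.decode() for p in out.split(b"\0") if p]


def staged_blob(path: str) -> bytes:
    """':path' reads the index version, not the possibly different working tree copy."""
    return subprocess.run(["git", "show", f":{path}"], check=True, capture_output=True).stdout


def main(argv: List[str]) -> int:
    if argv[1:] == ["--demo"]:
        blobs = list(SAMPLE_STAGED.items())
    else:
        blobs = [(p, staged_blob(p)) for p in staged_paths()]
    findings = collect(blobs)
    for f in findings:
        print(f"{f.path}:{f.line}: {f.rule} ({f.secret})", file=sys.stderr)
    if findings:
        print("Commit blocked: remove these values; if one is real, rotate it now.", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Install it as an executable .hooks/pre-commit and point core.hooksPath at .hooks as described above. Hooks run on the developer's machine and are skipped by git commit --no-verify, so they cut down accidental commits but do not replace server-side push protection; if you keep the Globomantics rule, the sandbox's own test fixtures will trip it, which is the expected behaviour here.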

"Security is not a product, but a process." - Bruce Schneier
