From e9f00c2340de4fb9c33c1559ec1d3b0ac10f27a9 Mon Sep 17 00:00:00 2001
From: "ian.nara"
Date: Sun, 27 Aug 2023 14:25:35 -0600
Subject: [PATCH 1/2] update trivy secret
---
 trivy-secret.yaml | 57 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
diff --git a/trivy-secret.yaml b/trivy-secret.yaml
index 1afd1ec..0785f71 100644
--- a/trivy-secret.yaml
+++ b/trivy-secret.yaml
@@ -83,6 +83,34 @@ rules:
 regex: (?PUID2-O-P-.{6}\..{38})
 secret-group-name: secret
 
+ ########################################
+ # UID2 Client Side Keypair Private Key #
+ ########################################
+ - id: uid2-client-side-keypair-private-key-test
+ category: uid2
+ title: UID2 - Client Side Keypair Private Key - Test
+ severity: CRITICAL
+ keywords:
+ - UID2-Y-T
+ regex: (?PUID2-Y-T-.{92})
+ secret-group-name: secret
+ - id: uid2-client-side-keypair-private-key-integ
+ category: uid2
+ title: UID2 - Client Side Keypair Private Key - Integ
+ severity: CRITICAL
+ keywords:
+ - UID2-Y-I
+ regex: (?PUID2-Y-I-.{92})
+ secret-group-name: secret
+ - id: uid2-client-side-keypair-private-key-prod
+ category: uid2
+ title: UID2 - Client Side Keypair Private Key - Prod
+ severity: CRITICAL
+ keywords:
+ - UID2-Y-P
+ regex: (?PUID2-Y-P-.{92})
+ secret-group-name: secret
+
 ##################
 # EUID Admin Key #
 ##################
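Review bot: The three added `uid2-client-side-keypair-private-key-*` rules match the key body with `.{92}`, which accepts any 92 characters after the prefix, including spaces, quotes and delimiters, so unrelated text that follows a `UID2-Y-T` style prefix on the same line is reported as a CRITICAL private key and the `secret` group can cover more than the key. If the key body is base64 (an assumption, the patch does not state the alphabet), a class such as `[A-Za-z0-9+/=]{92}` keeps both the finding and the redacted span on the key itself. A comment under the banner, for example `# prefix + 92-character key body; update the length if the key format changes`, would record where the number comes from. The `euid-client-side-keypair-private-key-*` rules in the next hunk use the same pattern. As rendered on this page the group name after `(?P` is missing, presumably lost in extraction; confirm the file names the group `secret` there so it matches `secret-group-name: secret`.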
@@ -167,6 +195,35 @@ rules:
 regex: (?PEUID-O-P-.{6}\..{38})
 secret-group-name: secret
 
+
+ ########################################
+ # EUID Client Side Keypair Private Key #
+ ########################################
+ - id: euid-client-side-keypair-private-key-test
+ category: euid
+ title: EUID - Client Side Keypair Private Key - Test
+ severity: CRITICAL
+ keywords:
+ - EUID-Y-T
+ regex: (?PEUID-Y-T-.{92})
+ secret-group-name: secret
+ - id: euid-client-side-keypair-private-key-integ
+ category: euid
+ title: EUID - Client Side Keypair Private Key - Integ
+ severity: CRITICAL
+ keywords:
+ - EUID-Y-I
+ regex: (?PEUID-Y-I-.{92})
+ secret-group-name: secret
+ - id: euid-client-side-keypair-private-key-prod
+ category: euid
+ title: EUID - Client Side Keypair Private Key - Prod
+ severity: CRITICAL
+ keywords:
+ - EUID-Y-P
+ regex: (?PEUID-Y-P-.{92})
+ secret-group-name: secret
+
 disable-allow-rules:
 - tests
 - examples
From 668a0a0a5211d29cb53cabd7f318740abeef1087 Mon Sep 17 00:00:00 2001
From: "ian.nara"
Date: Wed, 30 Aug 2023 09:16:26 -0600
Subject: [PATCH 2/2] remove cstg from euid trivy-secret.yaml
---
 trivy-secret.yaml | 29 -----------------------------
 1 file changed, 29 deletions(-)
diff --git a/trivy-secret.yaml b/trivy-secret.yaml
index 0785f71..54d56af 100644
--- a/trivy-secret.yaml
+++ b/trivy-secret.yaml
@@ -195,35 +195,6 @@ rules:
 regex: (?PEUID-O-P-.{6}\..{38})
 secret-group-name: secret
 
-
- ########################################
- # EUID Client Side Keypair Private Key #
- ########################################
- - id: euid-client-side-keypair-private-key-test
- category: euid
- title: EUID - Client Side Keypair Private Key - Test
- severity: CRITICAL
- keywords:
- - EUID-Y-T
- regex: (?PEUID-Y-T-.{92})
- secret-group-name: secret
- - id: euid-client-side-keypair-private-key-integ
- category: euid
- title: EUID - Client Side Keypair Private Key - Integ
- severity: CRITICAL
- keywords:
- - EUID-Y-I
- regex: (?PEUID-Y-I-.{92})
- secret-group-name: secret
- - id: euid-client-side-keypair-private-key-prod
- category: euid
- title: EUID - Client Side Keypair Private Key - Prod
- severity: CRITICAL
- keywords:
- - EUID-Y-P
- regex: (?PEUID-Y-P-.{92})
- secret-group-name: secret
-
 disable-allow-rules:
 - tests
 - examples