Add an audit --display option #191
Comments
To be clear, are you suggesting we determine the If this is so, might I suggest making this machine readable instead? And maybe the flag to be

re: ++, that sounds great.

Maybe Just noting for later: we could also have this display the entropy count of each secret found. That'd be nice. (the one outputted from

What about this? New option

I like how we can all agree on argument names 😆 I think we want this to be fairly separate and hard-to-confuse with the existing There is a lot of baggage around baseline formats; this will be fresh, clean and separate from all backwards/forwards compatibility concerns. The format in @domanchi's comment is good, with the possible improvement that the number in the following output can go next to the plaintext, e.g.

This will remove the manual trial and error of running multiple times to determine where entropy drop-offs happen etc.

I'm wondering if it'd be helpful to have the repo name and the current Since you wouldn't commit this output ever, due to the plaintext secrets, you can't really use git history to your advantage. Thoughts?

I guess this would sort of introduce the requirement that

Fixed in #205
* 1st pass cloudant tests and detector * cleaning debugs * whitelisting secret false positive * correcting lint errors * correct line break errors * more lint * more lint * more lint * more lint * typo * more lint * more lint * PR responses
This will be extraordinarily helpful when developing new plugins, so I think it might be great to incorporate into detect-secrets. `--display` would display, per plugin, the This would take some of the manual effort involved with adding a new plugin and adjusting the sensitivities and regexes, e.g. right now it is roughly: run scan, `cat` the baseline and see what was found by what plugins by comparing line numbers with the file you scanned, and then `audit`ing to see which plaintext group was captured as a secret. We can probably use `textwrap` more or something, to make the output look pretty.