-
Notifications
You must be signed in to change notification settings - Fork 455
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Doesn't seem to work #192
Comments
Hi @retr0h, Can you post some code snippets so that we can reproduce your issue on our end? It's very hard to debug what's wrong without referencing specific examples. |
@domanchi here you go https://github.com/retr0h/detect-secrets-192 I'm simply wanting a way to ensure the new passwords that get added are found. I assumed if a new password was found and wasn't in baseline, I would be notified of this. I was looking to run the pre-commit hook, and also as a premerge gate job with tox. |
Looking at your repro steps in https://github.com/retr0h/detect-secrets-192/blob/master/README.md, my reckoning is that you need to run the correct invocation of the
This hook was initially designed to be compatible with https://pre-commit.com/, and that engine essentially passes all staged files as arguments to the hook. |
@domanchi thank you. Looks like I could compare against non-staged files as well with:
|
* Fix AWS verify Addresses git-defenders/detect-secrets-discuss#187 * Improve tests
* Fix AWS verify Addresses git-defenders/detect-secrets-discuss#187 * Improve tests
Refactor AWS verification to enable reuse for owner resolution Follow up of git-defenders/detect-secrets-stream#182 Fix AWS verify (Yelp#192) Addresses git-defenders/detect-secrets-discuss#187 Refactor get_caller_info into a general query_aws function (Yelp#193) Allows reuse of this same function to query for email address using accountid. Supports git-defenders/detect-secrets-discuss#185 Follow up of [this thread](https://github.ibm.com/git-defenders/detect-secrets-stream/pull/182#discussion_r2404867) * Docstring update
I'm having a hard time understanding how to use this. I have a branch with some known passwords. They are properly reported when running scan and the baseline has been created.
I switch into a different branch which has new password. Running the pre-commit hook against the baseline does not report the new password. However, if I run scan in the new branch, it does indeed identify the password.
Obviously, I am doing something wrong. Is there a way I can simply run detect-secrets w/o the commit hook. I was hoping to run this in CI as a pre-commit as well, w/o needing detect-secrets-server.
The text was updated successfully, but these errors were encountered: