--import baseline could be smarter #55

Closed
domanchi opened this issue Jul 10, 2018 · 0 comments

Issues

  • When using --import <baseline_filename>, a baseline is created without knowledge of the existing baseline file. This means that the current baseline file will be scanned for secrets (which it will clearly find, due to the secret hashes stored in there).

  • When we upgrade baselines, we currently need to perform a two-liner (without sponge):

$ detect-secrets scan --import .secrets.baseline > .secrets.baseline.new
$ mv .secrets.baseline.new .secrets.baseline

If we already know the filename we're importing from (as compared to reading from stdin), we should also write to it.

Suggested Fix

$ detect-secrets scan --upgrade .secrets.baseline

This will write results to the provided file, and ignore the false positives in the current baseline file.
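The two behaviours requested above, skipping the baseline during the rescan and writing the result back to the same file, shown as an added example that is not detect-secrets code. The toy hex-entropy detector, `HEX_LIMIT`, the function names and the simplified baseline layout are assumptions made for illustration.

```python
import hashlib, json, math, os, re, tempfile
from collections import Counter

HEX_LIMIT = 3.0  # assumed entropy threshold for this toy detector
HEX_RE = re.compile(r"\b[0-9a-f]{20,}\b")

def entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan(root, skip=()):
    """Toy stand-in for a scan: {relative path: [flagged line numbers]}."""
    skip = {os.path.abspath(p) for p in skip}
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if os.path.abspath(path) in skip:
                continue  # e.g. the baseline, whose hashes look like secrets
            with open(path, encoding="utf-8") as fh:
                hits = [i for i, line in enumerate(fh, 1)
                        if any(entropy(m) > HEX_LIMIT for m in HEX_RE.findall(line))]
            if hits:
                results[os.path.relpath(path, root)] = hits
    return results

def upgrade(root, baseline):
    """Rescan while skipping the baseline, then replace it atomically."""
    new = {"results": scan(root, skip=[baseline])}
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(baseline)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(new, fh, indent=2)
    os.replace(tmp, baseline)  # old baseline stays intact until this call
    return new

def demo():
    # Constructed sample tree: one config file plus an existing baseline.
    with tempfile.TemporaryDirectory() as root:
        baseline = os.path.join(root, ".secrets.baseline")
        with open(os.path.join(root, "app.cfg"), "w") as fh:
            fh.write("token = 9f2c4e7a1b3d5f60718293a4b5c6d7e8\n")
        digest = hashlib.sha1(b"constructed-secret").hexdigest()
        with open(baseline, "w") as fh:
            json.dump({"results": {"app.cfg": [{"hashed_secret": digest}]}}, fh)
        naive = scan(root)  # also flags the baseline's own hash
        upgraded = upgrade(root, baseline)
        with open(baseline) as fh:
            return naive, upgraded, json.load(fh)
```

Writing to a temporary file in the same directory and renaming it over the baseline avoids the truncate-before-read problem that a plain `> .secrets.baseline` redirect would cause.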
