Skip to content

Commit

Permalink
Merge pull request #1334 from snyk/chore-secrets-scanning
Browse files Browse the repository at this point in the history 
Chore secrets scanning
  • Loading branch information
@jonnyowenpowell
jonnyowenpowell committed Jul 14, 2023
2 parents 768721b + 86ea1c1 commit 4a5454a
Show file tree
Hide file tree
Showing 7 changed files with 34 additions and 8 deletions.
20 changes: 16 additions & 4 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,13 +126,13 @@ jobs:
./scripts/docker/build-image-ubi9.sh ${IMAGE_NAME_CANDIDATE_UBI9}
name: Build image
- snyk/scan:
additional-arguments: --project-name=alpine
additional-arguments: --project-name=alpine --policy-path=.snyk
docker-image-name: ${IMAGE_NAME_CANDIDATE}
monitor-on-build: false
severity-threshold: high
target-file: Dockerfile
- snyk/scan:
additional-arguments: --project-name=ubi9
additional-arguments: --project-name=ubi9 --policy-path=.snyk
docker-image-name: ${IMAGE_NAME_CANDIDATE_UBI9}
monitor-on-build: false
severity-threshold: critical
Expand Down Expand Up @@ -677,13 +677,13 @@ jobs:
monitor-on-build: true
severity-threshold: high
- snyk/scan:
additional-arguments: --project-name=alpine
additional-arguments: --project-name=alpine --policy-path=.snyk
docker-image-name: ${IMAGE_NAME_APPROVED}
monitor-on-build: true
severity-threshold: high
target-file: Dockerfile
- snyk/scan:
additional-arguments: --project-name=ubi9
additional-arguments: --project-name=ubi9 --policy-path=.snyk
docker-image-name: ${IMAGE_NAME_APPROVED_UBI9}
monitor-on-build: true
severity-threshold: critical
Expand Down Expand Up @@ -1014,6 +1014,7 @@ orbs:
azure-cli: circleci/azure-cli@1.2.0
redhat-openshift: circleci/redhat-openshift@0.2.0
snyk: snyk/snyk@1.1.2
prodsec: snyk/prodsec-orb@1.0
staging_branch_only_filter:
filters:
branches:
Expand Down Expand Up @@ -1079,6 +1080,17 @@ workflows:
- tag_and_push
PR_TO_STAGING:
jobs:
- prodsec/secrets-scan:
name: Scan repository for secrets
context:
- snyk-bot-slack
channel: container-integration-alerts
filters:
branches:
ignore:
- staging
- master

- build_image:
filters:
branches:
Expand Down
4 changes: 2 additions & 2 deletions .circleci/config/jobs/@jobs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,13 +282,13 @@ publish:
severity-threshold: high
target-file: Dockerfile
monitor-on-build: true
additional-arguments: --project-name=alpine
additional-arguments: --project-name=alpine --policy-path=.snyk
- snyk/scan:
docker-image-name: ${IMAGE_NAME_APPROVED_UBI9}
severity-threshold: critical
target-file: Dockerfile.ubi9
monitor-on-build: true
additional-arguments: --project-name=ubi9
additional-arguments: --project-name=ubi9 --policy-path=.snyk
- run:
name: Publish
command: |
Expand Down
4 changes: 2 additions & 2 deletions .circleci/config/jobs/build_image.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,13 @@ steps:
severity-threshold: high
target-file: Dockerfile
monitor-on-build: false
additional-arguments: --project-name=alpine
additional-arguments: --project-name=alpine --policy-path=.snyk
- snyk/scan:
docker-image-name: ${IMAGE_NAME_CANDIDATE_UBI9}
severity-threshold: critical
target-file: Dockerfile.ubi9
monitor-on-build: false
additional-arguments: --project-name=ubi9
additional-arguments: --project-name=ubi9 --policy-path=.snyk
- run:
name: Push image
command: |
Expand Down
1 change: 1 addition & 0 deletions .circleci/config/orbs/@prodsec.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
prodsec: snyk/prodsec-orb@1.0
2 changes: 2 additions & 0 deletions .gitleaksignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
5b9a7821680bbfb6c4a900ab05d898ce2b2cc157:test/common/config.spec.ts:generic-api-key:2
ce1cf363e4ec4546f3d73d57727ac564308c3f7e:test/README-OPENSHIFT4.md:generic-api-key:13
5 changes: 5 additions & 0 deletions .pre-commit-config.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
repos:
- repo: https://github.com/gitleaks/gitleaks
rev: v8.16.2
hooks:
- id: gitleaks
6 changes: 6 additions & 0 deletions .snyk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,10 @@ ignore:
reason: None Given
expires: 2122-12-29T08:08:41.608Z
created: 2022-11-29T08:08:41.611Z
SNYK-JS-SEMVER-3247795:
- '*':
reason: No direct upgrade available
expires: 2023-10-11T12:35:38.260Z
created: 2023-07-11T12:35:38.260Z

patch: {}

0 comments on commit 4a5454a

Please sign in to comment.