chore: add secret scanning

.circleci/config.yml

@@ -2,6 +2,7 @@ version: 2.1
 
 orbs:
   slack: circleci/slack@4
+  prodsec: snyk/prodsec-orb@1.0
 
 defaults: &defaults
   resource_class: small
@@ -106,6 +107,16 @@ workflows:
 
   PR_TO_MAIN:
     jobs:
+      - prodsec/secrets-scan:
+          name: Scan repository for secrets
+          context:
+            - snyk-bot-slack
+          channel: lumos-alerts
+          filters:
+            branches:
+              ignore:
+                - main
+
       - install_dev_deps:
           name: Install with devDependencies
           context: nodejs-install

.github/workflows/release-notes.yaml

@@ -12,7 +12,7 @@ jobs:
     - uses: actions/checkout@v2
     - run: |
         git fetch --prune --unshallow --tags
-    - uses: snyk/release-notes-preview@v1.4.0
+    - uses: snyk/release-notes-preview@v1.6.2
       with:
         releaseBranch: main
       env:

.gitleaksignore

@@ -0,0 +1,100 @@
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:43
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:382
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:1622
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:1823
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:2015
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:2276
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:2432
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:2767
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:3087
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:3522
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:5595
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:5889
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:6081
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:6438
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:6594
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:7084
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:7404
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:7999
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:10669
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:11181
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:12716
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:12809
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:12851
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:12902
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:12938
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:13695
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:13850
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:13920
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:14005
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:14065
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:16683
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:16815
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:16866
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:17520
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:17740
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:17825
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:20173
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:20269
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:20320
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:20356
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:20410
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:20551
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21004
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21013
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21175
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21576
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21736
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21821
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21881
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:21971
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:22206
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:22961
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:22976
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:23246
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:26423
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:26477
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:27004
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:27094
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:28506
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:28527
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:28815
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:28941
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:29250
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:29591
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:29626
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:30106
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:30316
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:30831
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:33829
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34153
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34297
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34348
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34378
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34399
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34546
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34573
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:34579
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:35152
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:35161
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:35227
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:35748
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36288
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36528
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36613
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36663
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36698
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36943
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36988
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:36998
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:37953
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:37968
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:38078
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:42635
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:42983
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:43178
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:43758
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:45207
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:45510
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:45880
+67085b5833e61cf64621c49fe149a1b3a75cc1d4:test/__snapshots__/index.test.ts.snap:generic-api-key:46385

.pre-commit-config.yaml

@@ -0,0 +1,5 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.16.1
+    hooks:
+      - id: gitleaks