find-and-report-secrets-in-code

Security solution to find secrets in a git repository using Gitleaks, generate a JSON report based on the findings from Gitleaks by extracting only the relevant information, find the commit id and commit author for each finding, update an Atlassian Confluence page with the secrets found based on that generated report and send an alert on Slack.

APACHE-2.0 License

find-and-report-secrets-in-code - Release v1.2.0 (Latest Release)

Published by abdullahkhawer 2 months ago

Release v1.2.0 - Reduce Docker Image Size, Improve Docker Image README and Do Minor Improvements

1.2.0 - 2024-08-15

🚀 Features

  • Reduce Docker image size by 86% (from 677 MB (240.53 MB compressed) to 95.7 MB (36.47 MB compressed)) by using multi-stage builds with Alpine images for Golang (Go) and Python as base images, combining RUN commands, installing only necessary packages and using no-cache options for package installers to reduce installation size.

🐛 Bug Fixes

  • Add no cache options for package installers to reduce installation size.

📚 Documentation

  • Update README.md with reference screenshots
  • Update README to add license description and update founder reference.
  • Update Docker README to add 'Quick Reference', 'Supported Tags', and license description and update founder reference.

⚙️ Miscellaneous Tasks

  • Add Apache License for Docker image.

find-and-report-secrets-in-code - Release v1.1.0

Published by abdullahkhawer 3 months ago

1.1.0 - 2024-07-24

🚀 Features

  • Update shell script to prepare and add URL for each finding in the JSON report.
  • Update Python script to improve logging, comments, the pylint score (from 1.44 to 9.25/10, by refactoring code), the HTML content template (to add a link to the file reference where the secret is detected) and the Slack notification message along with its format, both when no secrets are found and when 1 or more secrets are found.

📚 Documentation

  • Update READMEs to add 2 new ENVs, add 1 new JSON field and fix some existing commands and descriptions mentioned.

⚙️ Miscellaneous Tasks

  • Remove unnecessary file from .gitignore.
  • Add 2 new variables and use image 1.1.0
  • Update version to v1.1.0

find-and-report-secrets-in-code - Release v1.0.1

Published by abdullahkhawer 4 months ago

1.0.1 - 2024-07-03

🐛 Bug Fixes

  • Update code to use gitleaks v8.18.4 instead of latest and update the READMEs accordingly.
  • Remove sudo as it wasn't required in this script.

⚙️ Miscellaneous Tasks

  • Update .gitleaks.toml file to remove unnecessary paths from the 'allowlist'.
  • Update print command to fix a word.

find-and-report-secrets-in-code - Release v1.0.0

Published by abdullahkhawer 5 months ago

Feature:

  • Develop a solution which can be executed on any macOS or Linux system either locally or on a remote server or via a CI/CD pipeline that finds secrets in a git repository using Gitleaks, generates a JSON report based on the findings from Gitleaks by extracting only the relevant information, finds the commit id and commit author for each finding, updates an Atlassian Confluence page with the secrets found based on that generated report and finally sends an alert on Slack.

find-and-report-secrets-in-code - v1.0.0

Published by abdullahkhawer 6 months ago

Develop a solution which can be executed on any macOS or Linux system either locally or on a remote server or via a CI/CD pipeline that finds secrets in a git repository using Gitleaks, generates a JSON report based on the findings from Gitleaks by extracting only the relevant information, finds the commit id and commit author for each finding, updates an Atlassian Confluence page with the secrets found based on that generated report and finally sends an alert on Slack.

find-and-report-secrets-in-code - Release v1.0.0

Published by abdullahkhawer 8 months ago