Published by github-actions[bot] over 4 years ago
@secretlint/secretlint-rule-no-k8s-kind-secret disallows committing a Kind: Secret manifest to a repository.
A Kubernetes Kind: Secret manifest includes credentials in plain form.
The values are only base64-encoded.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
So, a Kind: Secret manifest is not a file that should be committed to a repository.
In a GitOps context, you can use another solution such as SealedSecret or Vault.
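The following added example (not part of the release notes and not secretlint's own rule code) shows why such a manifest counts as a credential leak: a line-based scan finds Kind: Secret documents in a multi-document YAML file and decodes their data values without any key. The function name findKindSecrets and the sample input are constructed for illustration.

```javascript
// Added example: a minimal, line-based detector for Kubernetes `kind: Secret`
// manifests. It is a sketch for illustration, not secretlint's implementation.

// Constructed sample input: a ConfigMap followed by the Secret shown above.
const sampleManifest = `apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  mode: production
---
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
`;

// Returns one finding per `kind: Secret` document, with its decoded data values.
function findKindSecrets(text) {
  const findings = [];
  // Multi-document YAML separates documents with a line containing only `---`.
  text.split(/^---[ \t]*$/m).forEach((doc, index) => {
    // Only a top-level (unindented) `kind: Secret` marks the document as a Secret.
    if (!/^kind:[ \t]*["']?Secret["']?[ \t]*$/m.test(doc)) return;
    const decoded = {};
    let inData = false;
    for (const line of doc.split(/\r?\n/)) {
      if (/^\S/.test(line)) {
        // A new top-level key starts; remember whether it is the `data:` block.
        inData = /^data:[ \t]*$/.test(line);
        continue;
      }
      const m = inData &&
        line.match(/^\s+([\w.-]+):\s*["']?([A-Za-z0-9+\/=]+)["']?\s*$/);
      // base64 is an encoding, not encryption: decoding needs no key.
      if (m) decoded[m[1]] = Buffer.from(m[2], "base64").toString("utf8");
    }
    findings.push({ documentIndex: index, decoded });
  });
  return findings;
}

console.log(JSON.stringify(findKindSecrets(sampleManifest), null, 2));
```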
You can install it with npm
npm install @secretlint/secretlint-rule-no-k8s-kind-secret
and edit .secretlintrc.json
{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-preset-recommend"
    },
    {
      "id": "@secretlint/secretlint-rule-no-k8s-kind-secret"
    }
  ]
}
Published by github-actions[bot] over 4 years ago
@mtsalenc implemented @secretlint/secretlint-rule-secp256k1-privatekey in #103.
This rule checks for the inclusion of secp256k1 private keys, which are used by the Bitcoin and Ethereum blockchains.
You can install it with npm
npm install @secretlint/secretlint-rule-secp256k1-privatekey
and edit .secretlintrc.json
{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-preset-recommend"
    },
    {
      "id": "@secretlint/secretlint-rule-secp256k1-privatekey"
    }
  ]
}
Published by github-actions[bot] over 4 years ago
Secretlint 1.0.0 is released 🎉
Secretlint is a pluggable linting tool that prevents committing credentials such as SSH private keys, GCP access tokens, AWS access tokens, Slack tokens, and npm auth tokens.
This is the first stable version of secretlint.
Secretlint adopts the Semantic Versioning policy.
This means that a major update includes breaking changes.
Secretlint is a pluggable linting tool that prevents committing credentials.
Secretlint is similar to ESLint or textlint.
💡 Secretlint has a primitive feature that scans your files and reports the credentials found in them.
You can run Secretlint with a one-line command.
If you already have Docker installed:
docker run -v `pwd`:`pwd` -w `pwd` --rm -it secretlint/secretlint secretlint "**/*"
If you already have Node.js installed:
npx @secretlint/quick-start "**/*"
Secretlint reports an error if your files include credentials such as SSH private keys, GCP access tokens, AWS access tokens, Slack tokens, and npm auth tokens.
Because it is secret data!
For more details, please see the installation guide.
We provide Secretlint as a Docker image and a Node.js CLI.
In the near future, we will also provide a single-binary edition of Secretlint.
Credential scanner tools such as awslabs/git-secrets, truffleHog, detect-secrets, and more already exist.
Secretlint has a philosophy.
In our experience, false positives are the biggest issue with linting tools.
(The creator of Secretlint is also the creator of textlint.)
So we are working to reduce false positives in secretlint rules.
Secretlint adopts opt-in instead of opt-out.
This means that you select each rule and introduce it yourself.
However, selecting everything yourself is hard, so we also provide a recommended rule set.
Secretlint is a project-friendly tool.
It is easy to integrate with CI services such as Circle CI and GitHub Actions.
If a pull request includes a credential, CI can fail it.
Also, you can integrate Secretlint with a Git pre-commit hook.
This integration prevents you from committing credentials into your project.
Secretlint adopts a pluggable architecture.
So you can write your own secretlint rule and use it.
The development guide describes how to create a secretlint rule.
This concept also affects the secretlint core implementation.
@secretlint/core has no built-in rules.
Instead, we created @secretlint/secretlint-rule-preset-recommend as a separate package.
Secretlint is still at an early stage.
We will improve secretlint to achieve continuous security.
If you want to contribute, please see label:good first issue and help wanted.
Published by github-actions[bot] over 4 years ago
Patch release.
No meaningful changes.
Published by github-actions[bot] over 4 years ago
Maybe this is the last minor version before 1.0.0.
$ secretlint --locale ja "**/*"
Published by github-actions[bot] over 4 years ago
This is a bump-only release.
No effect for users.
Published by github-actions[bot] over 4 years ago
This is a bump-only release.
Published by github-actions[bot] over 4 years ago
This release is only a bump to 0.9.0.
We adopted a new release flow (#88).
For more details, see https://github.com/secretlint/secretlint/blob/master/CONTRIBUTING.md#release-flow
Published by github-actions[bot] over 4 years ago
Published by azu over 4 years ago