Project author: lirantal

Project description:
A Docker image for Yelp's detect-secrets Python application
Language: Dockerfile
Project URL: git://github.com/lirantal/docker-detect-secrets.git
Created: 2019-05-21T16:20:39Z
Project community: https://github.com/lirantal/docker-detect-secrets

License: Apache License 2.0



About

A Docker image for invoking Yelp’s detect-secrets hook command without having to install the Python package.

This image is deployed to Docker Hub at: https://hub.docker.com/r/lirantal/detect-secrets

Usage

Detecting secrets in a project

The following command runs detect-secrets-hook for a given git project, with these options:

  • The current directory is assumed to be the root of the git repository (the directory containing .git), so the volume option mounts pwd to the container’s /usr/src/app directory
  • src/index.js and src/component.js are the files that will be tested for secrets

    docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "src/index.js" "src/component.js"

Detecting secrets in a project that has a baseline

If a project has a previously created .secrets-baseline it can be passed as a command argument to the container:

    docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "--baseline .secrets-baseline" "src/index.js"
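
The two invocations above can be wired into a git pre-commit hook so that only staged files are scanned before each commit. The POSIX shell script below is an added example, not part of the original project; the function names and the DRY_RUN variable are assumptions, and it omits -it and --name because a hook may run without a terminal and a fixed container name would clash across concurrent runs.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
IMAGE="lirantal/detect-secrets"   # image name as given on this page

# scan_staged ROOT [FILE...]
# ROOT is the repository root on the host; FILEs are paths relative to it.
# Runs the container over the files, or prints the argv (one argument per
# line) when DRY_RUN is set. DRY_RUN is a hypothetical debugging switch.
scan_staged() {
  root=$1
  shift
  [ "$#" -gt 0 ] || return 0     # nothing staged, nothing to scan
  if [ -f "$root/.secrets-baseline" ]; then
    # Passed as ONE quoted argument, exactly as in the command above.
    set -- "--baseline .secrets-baseline" "$@"
  fi
  set -- docker run --rm --volume "$root:/usr/src/app" "$IMAGE" "$@"
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$@"
  else
    "$@"                         # non-zero exit status blocks the commit
  fi
}

main() {
  root=$(git rev-parse --show-toplevel) || exit 1
  # Added, copied or modified files only; deleted files cannot be scanned.
  files=$(git diff --cached --name-only --diff-filter=ACM)
  old_ifs=$IFS
  IFS='
'
  set -f                         # split on newlines only, no globbing
  set -- $files
  set +f
  IFS=$old_ifs
  scan_staged "$root" "$@"
}

# Run only when installed as the hook, so the functions can be sourced.
case "${0##*/}" in
  pre-commit) main ;;
esac
```

Running `DRY_RUN=1 .git/hooks/pre-commit` prints the docker arguments without starting a container. File names containing newlines are not supported by this sketch.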

Detecting secrets in a monorepo style project

For projects which exhibit a structure such as:

    | app
    |_ .git/
    |_ client/
    |_ server/
    |_ .secrets-baseline

the execution of detect-secrets-hook inside the container must be adjusted so that it behaves exactly as if it were run from the nested server/ directory, while the top-level application directory is mounted:

    docker run -it --rm --name detect-secrets --volume /path/to/root/project/dir:/usr/src/app --workdir "/usr/src/app/server" lirantal/detect-secrets "src/index.js"

Developing

Build the image from the Dockerfile, after which you can run it locally:

    docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --tag detect-secrets .

Author

Liran Tal liran@snyk.io