A docker image for Yelp's docker-secrets python application
A docker image to enable invoking of Yelp’s detect-secrets hook command without having to install the python package.
This image is deployed to Docker Hub at: https://hub.docker.com/r/lirantal/detect-secrets
Runs the detect-secrets-hook command for a given git project, with the following options:
pwd to the container’s /usr/src/app directorysrc/index.js and src/component.js are files for which will be tested for secrets
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "src/index.js" "src/component.js"
If a project has a previously created .secrets-baseline it can be passed as a command argument to the container:
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "--baseline .secrets-baseline" "src/index.js"
For projects which exhibit a structure such as:
| app|_ .git/|_ client/|_ server/|_ .secrets-baseline
it is required to tweak the execution of detect-secrets-hook when it runs in the container image to simulate the exact scenario of it running inside the nested server/ directory, while mounting the top level application directory:
docker run -it --rm --name detect-secrets --volume /path/to/root/project/dir:/usr/src/app --workdir "/usr/src/app/server" lirantal/detect-secrets "src/index.js"
Building the image from the Dockerfile and then you may execute it locally:
docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --tag detect-secrets .
Liran Tal liran@snyk.io