Skip to content

ci: Public repo secret scanner #704

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Jun 12, 2024
Merged

ci: Public repo secret scanner #704

merged 13 commits into from
Jun 12, 2024

Conversation

jzqiu-arista
Copy link
Contributor

Description

Switch to the secret scanner workflow that works for public repos.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have run pre-commit for code linting and typing (pre-commit run)
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes (tox -e testenv)

@jzqiu-arista jzqiu-arista changed the title Public repo secret scanner ci: Public repo secret scanner Jun 10, 2024
gmuloc
gmuloc reviewed Jun 10, 2024
View reviewed changes
@jzqiu-arista jzqiu-arista marked this pull request as ready for review June 10, 2024 14:21
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

jzqiu-arista
jzqiu-arista commented Jun 12, 2024
View reviewed changes
Copy link
Contributor Author

@jzqiu-arista jzqiu-arista left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gmuloc
Copy link
Collaborator

gmuloc commented Jun 12, 2024

/secret-scanner apply allow list

@gmuloc gmuloc merged commit 33bc7d2 into aristanetworks:main Jun 12, 2024
@jzqiu-arista
Copy link
Contributor Author

/secret-scanner apply allow list

@arista-secret-scanner
Copy link

Run 9483134187 scheduled. Result will be posted here when finished.

@arista-secret-scanner
Copy link

Allow list Summary

  • Total number of secrets in repo: 16
  • Allowed secrets: 16
  • Disallowed secrets: 0
  • Unused allow list entries: 0
Secrets allowed 
{
    "repository": "aristanetworks/anta",
    "commit_hash": "9888c493c560d3ec76c4b590e5126f044c866032",
    "file_path": "docs/usage-as-python-lib.md",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 66,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "ab3b5173c4727f2af709c16418a71462dbe7d2ba",
    "file_path": "documentation/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 34,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "390f27167a01085cb15adf98fd77f0d169788771",
    "file_path": "docs/api/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 51,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <thomas.grimonet@gmail.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "5a6e5db4d08ad5dbeca8ab2d88f51f49d735329a",
    "file_path": "docs/api/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 49,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "ab3b5173c4727f2af709c16418a71462dbe7d2ba",
    "file_path": "documentation/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 38,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "6749e1fba13d5f08177493438d77dc70026f5d35",
    "file_path": "docs/api/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 43,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "ab3b5173c4727f2af709c16418a71462dbe7d2ba",
    "file_path": "anta/inventory/__init__.py",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 48,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "eb542afc62ca8d3e2b19e1694addef179e59dbe5",
    "file_path": ".arista/secret_allowlist.yaml",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 8,
    "bug_id": null,
    "detector": "URI",
    "author": "Guillaume Mulocher <gmulocher@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "9888c493c560d3ec76c4b590e5126f044c866032",
    "file_path": "docs/usage-as-python-lib.md",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 77,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "390f27167a01085cb15adf98fd77f0d169788771",
    "file_path": "anta/inventory/__init__.py",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 83,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <thomas.grimonet@gmail.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "390f27167a01085cb15adf98fd77f0d169788771",
    "file_path": "anta/inventory/__init__.py",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 74,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <thomas.grimonet@gmail.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "390f27167a01085cb15adf98fd77f0d169788771",
    "file_path": "docs/api/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 60,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <thomas.grimonet@gmail.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "6749e1fba13d5f08177493438d77dc70026f5d35",
    "file_path": "docs/api/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.17",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 38,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "eb542afc62ca8d3e2b19e1694addef179e59dbe5",
    "file_path": ".arista/secret_allowlist.yaml",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 5,
    "bug_id": null,
    "detector": "URI",
    "author": "Guillaume Mulocher <gmulocher@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "ab3b5173c4727f2af709c16418a71462dbe7d2ba",
    "file_path": "anta/inventory/__init__.py",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 55,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}

{
    "repository": "aristanetworks/anta",
    "commit_hash": "5a6e5db4d08ad5dbeca8ab2d88f51f49d735329a",
    "file_path": "docs/api/inventory.md",
    "raw_secret": "https://ansible:ansible@192.168.0.2",
    "vcs": "github",
    "job_id": null,
    "allowed": true,
    "line_number": 49,
    "bug_id": null,
    "detector": "URI",
    "author": "Thomas Grimonet <tgrimonet@arista.com>"
}
Secrets disallowed
Unused allow list entries

Details: https://github.com/aristanetworks/secret-scanner-service/actions/runs/9483134187

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gmuloc gmuloc gmuloc approved these changes

Assignees

@jzqiu-arista jzqiu-arista

Labels
rn: ci
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jzqiu-arista @gmuloc