Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret detection is broken on branch titan_treks_utility_script #292

Closed
mattanikiej opened this issue Jul 3, 2024 · 3 comments
Closed

Secret detection is broken on branch titan_treks_utility_script #292

mattanikiej opened this issue Jul 3, 2024 · 3 comments
Assignees
@nutjob4life @mattanikiej
Labels
B15.0 bug Something isn't working i&t.skip s.medium Medium level severity

Comments

@mattanikiej
Copy link
Contributor

Checked for duplicates

No - I haven't checked

πŸ› Describe the bug

Fails to install plugins and public emails are flagged as secrets.

πŸ•΅οΈ Expected behavior

detect-secrets has plugins that should prevent this

πŸ“œ To Reproduce

Push changes to the repository

πŸ–₯ Environment Info

  • Version of this software [e.g. vX.Y.Z]
  • Operating System: [e.g. MacOSX with Docker Desktop vX.Y]
    ...

πŸ“š Version of Software Used

No response

🩺 Test Data / Additional context

No response

πŸ¦„ Related requirements

πŸ¦„ #xyz

βš™οΈ Engineering Details

No response

πŸŽ‰ Integration & Test

No response
@mattanikiej mattanikiej added bug Something isn't working needs:triage labels Jul 3, 2024
@nutjob4life
Copy link
Member

@mattanikiej perfect, thanks

nutjob4life added a commit that referenced this issue Jul 5, 2024
@nutjob4life
Resolve #292
ad06ad3
@nutjob4life nutjob4life mentioned this issue Jul 5, 2024
Merged
@nutjob4life
Copy link
Member

The issue was that the .secrets.baseline referenced two .pem files which were not included in the commit (indeed, they're in the .gitignore).

But when the workflow runs and compares the results with the baseline, it only sees the difference, and assumes any difference is a new disclosure. A smarter workflow would only report new disclosures, not a reduction in secrets.

@tloubrieu-jpl tloubrieu-jpl added s.medium Medium level severity and removed needs:triage labels Jul 8, 2024
@jordanpadams
Copy link
Member

Install issue identified and PR has been merged. #293

@github-project-automation github-project-automation bot moved this from ToDo to 🏁 Done in EN Portfolio Backlog Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nutjob4life nutjob4life

@mattanikiej mattanikiej

Labels
B15.0 bug Something isn't working i&t.skip s.medium Medium level severity
Projects
EN Portfolio Backlog
Status: 🏁 Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nutjob4life @jordanpadams @mattanikiej @tloubrieu-jpl