pivotal-cf / cred-alert
Scans repos for credentials and then shouts if it finds them
License: Apache License 2.0
public EmailPreferenceModel(boolean isPreferred, String emailPreferenceTitleTranslationKey, String emailPreferenceDescriptionTranslationKey) {
this.isPreferred = isPreferred;
this.emailPreferenceTitleTranslationKey = emailPreferenceTitleTranslationKey;
- this.emailPreferenceDescriptionTranslationKey = emailPreferenceDescriptionTranslationKey;
}
public boolean isPreferred() {
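Review bot: the constructor still declares the String emailPreferenceDescriptionTranslationKey parameter, but the removed line was its only visible use, so any value a caller passes is now silently discarded. Either drop the parameter from the signature (and update callers) or keep the assignment "this.emailPreferenceDescriptionTranslationKey = emailPreferenceDescriptionTranslationKey;".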
@@ -45,10 +44,6 @@ public class EmailPreferenceModel {
return emailPreferenceDescriptionTranslationKey;
}
- public void setEmailPreferenceDescriptionTranslationKey(String emailPreferenceDescriptionTranslationKey) {
- this.emailPreferenceDescriptionTranslationKey = emailPreferenceDescriptionTranslationKey;
- }
-
public EmailPreference getEmailPreference() {
return emailPreference;
}
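Review bot: the getter shown in the context line above the removed setter still returns emailPreferenceDescriptionTranslationKey, yet with the setter gone and the constructor assignment removed in the previous hunk, nothing in the visible lines writes that field. If the description key is no longer needed, remove the field and its getter in the same change; if it is still read somewhere, keep one way to set it.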
Sample of false positive detected.
I noticed that on a recent leak, a couple of fields would not have been caught by cred-alert. At the time, we were not using cred-alert. We are now, and it would be nice to catch these situations.
ivyrepo_passwd: "snipped"
docker_password: snipped
It would be nice if the help text mentioned the -f flag for scanning archives.
Although they're deprecated they're still supported.
PivNet generates them using this exact method: http://www.rubydoc.info/github/plataformatec/devise/master/Devise#friendly_token-class_method
Here's an example: yGWeD8xzxT4vgSPi7uu5
Is it possible to pass credential scan ignore files as an argument?
Example: cred-alert-cli scan -f . --exclude-file .credscanignore
Many developers in our organization are on Windows, and already have go installed.
I use git-crypt to encrypt some files within a git repo. Cred-alert seems to pick up those credentials and force me to git commit with -n to override. Would be great if cred-alert would skip files that are encrypted by git-crypt.
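An added example (not cred-alert's own code) covering the two requests above: flagging keys such as ivyrepo_passwd and docker_password, and skipping blobs that git-crypt has already encrypted. It assumes the scanner is handed blob contents as stored in the index, where git-crypt output begins with the 10-byte header NUL, "GITCRYPT", NUL; Scan, keyValue and the staged sample are names and data invented here.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// gitCryptMagic is the header at the start of every blob git-crypt has encrypted.
var gitCryptMagic = []byte("\x00GITCRYPT\x00")

// keyValue matches "key: value" or "key = value" where the key ends in passwd or password.
var keyValue = regexp.MustCompile(`(?i)^\s*([\w.-]*pass(?:wd|word))\s*[:=]\s*(.*)$`)

// Scan returns "path:line:key" findings plus the paths skipped as git-crypt ciphertext.
func Scan(blobs map[string][]byte) (findings, skipped []string) {
	paths := make([]string, 0, len(blobs))
	for p := range blobs {
		paths = append(paths, p)
	}
	sort.Strings(paths) // deterministic output order
	for _, p := range paths {
		if bytes.HasPrefix(blobs[p], gitCryptMagic) {
			skipped = append(skipped, p) // already encrypted at rest in the repo
			continue
		}
		for i, line := range strings.Split(string(blobs[p]), "\n") {
			m := keyValue.FindStringSubmatch(line)
			// An empty value (e.g. password: "") is not a leaked credential.
			if m != nil && strings.Trim(strings.TrimSpace(m[2]), `"'`) != "" {
				findings = append(findings, fmt.Sprintf("%s:%d:%s", p, i+1, m[1]))
			}
		}
	}
	return findings, skipped
}

// staged is constructed sample data: one plain YAML blob, and one blob made of the
// git-crypt header plus 32 zero bytes standing in for the nonce and ciphertext.
var staged = map[string][]byte{
	"config/dev.yml":   []byte("ivyrepo_passwd: \"snipped\"\ndocker_password: snipped\ndb_password: \"\"\npassword_hint: none\n"),
	"secrets/prod.yml": append([]byte("\x00GITCRYPT\x00"), make([]byte, 32)...),
}

func main() {
	fmt.Println(Scan(staged))
}
```

The header test only holds for the stored blob; the working-tree copy of a git-crypt file is plaintext once the repository is unlocked.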
I'd love to be able to help solve some of the open issues, but the Readme does not contain enough information for me to know how to build the code and run the tests. I tried, but some steps were missing.
Not sure where / how to find this channel
We just pulled in git-hooks-core into Pivotal's workstation-setup. @larham suggested this change:
"I wish there was a brew install cred-alert so that there wouldn't be a download from an s3 bucket"
Hi there - I'm getting a segfault on Apple Silicon with the latest release of cred-alert-cli. I get it regardless of whether I run the command bare or by explicitly setting the architecture using arch --x86_64 cred-alert-cli.
Not sure what other information to provide, so here's the output of uname -v
Darwin Kernel Version 20.1.0: Sat Oct 31 00:07:10 PDT 2020; root:xnu-7195.50.7~2/RELEASE_ARM64_T8101
After a while I end up with thousands of cred-alert-cli* and inflator-errors* directories in /tmp, most of which are empty.
These should be culled automatically by the CLI when they are empty.
I'm trying out cred-alert-cli in preparation for using the git hooks in https://github.com/pivotal-cf/git-hooks-core, and I'm seeing some false negatives that seem to be due to behavior of --diff
cred-alert-cli version
db35f3e
git --version
2.14.1
cd myrepo
cp ~/.ssh/id_rsa .
git add id_rsa
git diff --cached | cred-alert-cli scan --diff
echo $?
echo $? should output nonzero
cred-alert-cli
echo $? outputs 0.
Bizarrely, cred-alert-cli does output the expected warning if I don't use the --diff flag.
It works as expected on a different Mac with OS 10.12.6 Sierra and git 2.13.0.
I am not sure if this is user error (should I not use --diff?) or if it points to a bug in cred-alert-cli.
The cf git hooks use --diff for checking git diffs, so if that's not correct, I'll open an issue there.
Thanks for any guidance you can provide :)
I was trying to commit some code. cred-alert hook told me the version I have is old and I should run some update command.
I ran the command, then it turns out the command failed because it doesn't have write permission to folders where it is installed.
So I run it with 'sudo' instead. This seemed to work and downloaded and installed something.
Next I try to git commit the stuff I had started to commit before. This did not work, I didn't get any error messages, but it seems like git commit just silently exits without doing anything.
I assumed the problem must be cred-alert git hooks are broken.
So... I disable the githook by running these commands:
cd ~/git/pivotal-cf
mv git-hooks-core/ git-hooks-core-DISABLED
Next time I try 'git commit' everything works fine. So my conclusion is that indeed running cred-alert-cli update broke my git setup.
I'm following the build instructions per the README.md but getting errors.
levanter:cred-alert sean$ go build cmd/cred-alert-cli
can't load package: package cmd/cred-alert-cli: cannot find package "." in:
/usr/local/Cellar/go/1.9.3/libexec/src/cmd/cred-alert-cli
levanter:cred-alert sean$
Any thoughts?
There are inconsistencies in the install/deployment process for calling cred-alert. The README.md page of this wiki has someone move a binary named cred-alert-cli to /usr/local/bin/ but we downloaded cred-alert-cli_${OS_NAME}. Then we later call it from a local directory as cred-alert.
A consistent naming convention should be used throughout the documentation as the application is used in other repos/docs/guides (e.g. https://github.com/pivotal-cf/git-hooks-core).
testing tracker / gitbot integration