Merge pull request #850 from SoftLayer/issues849

Added detect-secrets properly to travis build

Author: allmightyspiff

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+# This is an example configuration to enable detect-secrets in the pre-commit hook.
+# Add this file to the root folder of your repository.
+#
+# Read pre-commit hook framework https://pre-commit.com/ for more details about the structure of config yaml file and how git pre-commit would invoke each hook.
+#
+# This line indicates we will use the hook from ibm/detect-secrets to run scan during committing phase.
+repos:
+  - repo: https://github.com/ibm/detect-secrets
+    # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
+    # You are encouraged to use static refs such as tags, instead of branch name
+    #
+    # Running "pre-commit autoupdate" automatically updates rev to latest tag
+    rev: 0.13.1+ibm.62.dss
+    hooks:
+      - id: detect-secrets # pragma: whitelist secret
+        # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
+        # You may also run `pre-commit run detect-secrets` to preview the scan result.
+        # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
+        # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
+        # add "--fail-on-unaudited" to fail pre-commit for unaudited potential secrets
+        args: [--baseline, .secrets.baseline, --use-all-plugins]

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "(.*test.*)|(vendor)|(go.sum)|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-08-29T21:40:56Z",
+  "generated_at": "2024-04-18T01:39:58Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -70,7 +70,7 @@
         "hashed_secret": "82e725817f214b04e55d8136779d09dde4195560",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 307,
+        "line_number": 327,
         "type": "Hex High Entropy String",
         "verified_result": null
       }
@@ -312,23 +312,23 @@
         "hashed_secret": "d3ac7a4ef1a838b4134f2f6e7f3c0d249d74b674",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 120,
+        "line_number": 148,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "7d44c33cf9a82ab9bd5300d266784504e9772177",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4744,
+        "line_number": 5116,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -338,7 +338,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 5148,
+        "line_number": 5120,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -348,23 +348,23 @@
         "hashed_secret": "3efd4c0fe185135dd2c584b9698f506803cfaf81",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 120,
+        "line_number": 148,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "8927bd748f26a7258a01e318a7e1e7585458a228",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4744,
+        "line_number": 5116,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -374,7 +374,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -384,7 +384,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -394,15 +394,15 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4747,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d3ac7a4ef1a838b4134f2f6e7f3c0d249d74b674",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4748,
+        "line_number": 5116,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -412,15 +412,15 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d3ac7a4ef1a838b4134f2f6e7f3c0d249d74b674",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4744,
+        "line_number": 5116,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -430,7 +430,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -440,7 +440,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -450,7 +450,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 4743,
+        "line_number": 5115,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -460,7 +460,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 259,
+        "line_number": 260,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -470,13 +470,13 @@
         "hashed_secret": "c2a6b03f190dfb2b4aa91f8af8d477a9bc3401dc",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 372,
+        "line_number": 373,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ]
   },
-  "version": "0.13.1+ibm.61.dss",
+  "version": "0.13.1+ibm.62.dss",
   "word_list": {
     "file": null,
     "hash": null

.travis.yml

@@ -11,7 +11,6 @@ addons:
 install:
   # Required to install detect-secrets
   - echo -e "machine github.ibm.com\n  login $CI_USER_TOKEN" > ~/.netrc
-  #- sudo chmod o+rwx /usr/lib/python3/dist-packages/
   - sudo python3 -m pip install -U pip
   - sudo pip3 install pyOpenSSL --upgrade
   - sudo pip3 install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
@@ -21,8 +20,8 @@ before_script:
   - bash bin/generate-i18n-resources.sh
   - go vet $(go list ./... | grep -v "fixtures" | grep -v "vendor")
   - go test $(go list ./... | grep -v "fixtures" | grep -v "vendor")
-  - python3 bin/detect_secrets.py
-  
+  - detect-secrets scan --update .secrets.baseline
+  - detect-secrets audit .secrets.baseline --report --fail-on-unaudited --omit-instructions  
   - gosec -exclude-dir=fixture -exclude-dir=plugin/resources -quiet ./...
 script:
   - go build