From c84afd51d41a32827d5ba05351267743ab5c4229 Mon Sep 17 00:00:00 2001
From: secureCodeBoxBot
Date: Tue, 9 Aug 2022 09:23:32 +0000
Subject: [PATCH 1/2] Upgrading gitleaks from v8.6.1 to v8.10.2

Signed-off-by: secureCodeBoxBot
---
 scanners/gitleaks/Chart.yaml | 2 +-
 scanners/gitleaks/README.md | 2 +-
 scanners/gitleaks/docs/README.DockerHub-Parser.md | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scanners/gitleaks/Chart.yaml b/scanners/gitleaks/Chart.yaml
index 38d4c7aaa2..dc5e1ede6c 100644
--- a/scanners/gitleaks/Chart.yaml
+++ b/scanners/gitleaks/Chart.yaml
@@ -8,7 +8,7 @@ description: A Helm chart for the gitleaks repository scanner that integrates wi
 type: application
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: v3.1.0-alpha1
-appVersion: "v8.6.1"
+appVersion: "v8.10.2"
 kubeVersion: ">=v1.11.0-0"
 annotations:
   versionApi: https://api.github.com/repos/zricethezav/gitleaks/releases/latest
diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md
index 992e867d81..8c314ed958 100644
--- a/scanners/gitleaks/README.md
+++ b/scanners/gitleaks/README.md
@@ -3,7 +3,7 @@ title: "Gitleaks"
 category: "scanner"
 type: "Repository"
 state: "released"
-appVersion: "v8.6.1"
+appVersion: "v8.10.2"
 usecase: "Find potential secrets in repositories"
 ---
 
diff --git a/scanners/gitleaks/docs/README.DockerHub-Parser.md b/scanners/gitleaks/docs/README.DockerHub-Parser.md
index aab77ac315..84f3ef5d07 100644
--- a/scanners/gitleaks/docs/README.DockerHub-Parser.md
+++ b/scanners/gitleaks/docs/README.DockerHub-Parser.md
@@ -42,7 +42,7 @@ You can find resources to help you get started on our [documentation website](ht
 
 ## Supported Tags
 - `latest` (represents the latest stable release build)
-- tagged releases, e.g. `v8.6.1`
+- tagged releases, e.g. `v8.10.2`
 
 ## How to use this image
 This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more information details please take a look at the documentation page: https://www.securecodebox.io/docs/scanners/gitleaks.

From 7f5bc8363ba88792913aee134a37361ac75b8c25 Mon Sep 17 00:00:00 2001
From: Ilyes Ben Dlala
Date: Thu, 11 Aug 2022 17:36:47 +0200
Subject: [PATCH 2/2] gitleaks now requires both "BEGIN" and "END" of a private key to detect it

See https://github.com/zricethezav/gitleaks/pull/858/files AFAIK this is to reduce false positives

Signed-off-by: Ilyes Ben Dlala
---
 scanners/gitleaks/integration-tests/gitleaks.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanners/gitleaks/integration-tests/gitleaks.test.js b/scanners/gitleaks/integration-tests/gitleaks.test.js
index 6675aa34cc..b5023dac22 100644
--- a/scanners/gitleaks/integration-tests/gitleaks.test.js
+++ b/scanners/gitleaks/integration-tests/gitleaks.test.js
@@ -37,7 +37,7 @@ test(
 // Bash script to create a git repo with a demo file
 `cd /repo && \\
 git init && \\
-echo '-----BEGIN PRIVATE KEY-----' > secret.pem && \\
+echo '-----BEGIN PRIVATE KEY----------END PRIVATE KEY-----' > secret.pem && \\
 git config --global user.name test && \\
 git config --global user.email user@example.com && \\
 git add secret.pem && \\
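Review bot: The new fixture on the added `echo` line fuses the BEGIN and END markers into one token with no key body and no line break between them, so the test passes only as long as the gitleaks private-key rule tolerates an empty, single-line body; the next tightening of that rule (the commit message attributes the current change to gitleaks PR 858) would silently turn this into a false negative in the integration test. A fixture shaped like a real PEM file is more robust and documents the intent, e.g. `printf '%s\\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER-NOT-A-REAL-KEY' '-----END PRIVATE KEY-----' > secret.pem && \\`. The reason for the change also belongs next to the code, since the commit message is all that explains it: `// since gitleaks v8.10.x a private key is only reported when both the BEGIN and END markers are present`. The enclosing `test(` call and its template literal start and end outside the hunk.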