From bc0b9199084eb7aa9c1bacb2b7f512205fb9117f Mon Sep 17 00:00:00 2001 From: zondervancalvez Date: Fri, 27 May 2022 16:24:46 +0800 Subject: [PATCH] fix(security): vulnerabilities found in cactus-rust-compiler This fix will ignore AsymmetricPrivateKey (private-key) Fixes #2042 Signed-off-by: zondervancalvez --- trivy-secret.yaml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 trivy-secret.yaml
diff --git a/trivy-secret.yaml b/trivy-secret.yaml
new file mode 100644
index 00000000000..027b9ce9978
--- /dev/null
+++ b/trivy-secret.yaml
@@ -0,0 +1,6 @@
+rules:
+ - id: private-key
+ category: CategoryAsymmetricPrivateKey
+ title: Asymmetric Private Key
+ severity: HIGH
+ regex: (?i)-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY( BLOCK)?\s*?-----(?P[A-Za-z0-9=+/\s]*?)-----\s*?END[ A-Z0-9_-]*? PRIVATE KEY( BLOCK)?\s*?-----
\ No newline at end of file
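Review bot: The new `rules:` entry defines a HIGH-severity `private-key` detection rule rather than suppressing one, so it does not appear to do what the commit message describes ("ignore AsymmetricPrivateKey"); in Trivy's secret config, suppression is expressed with `disable-rules` or `allow-rules`, not `rules`. Disabling the rule for the whole repository would also hide any real private key committed later, so a path-scoped exception is the safer form, e.g. an `allow-rules` item with `id: private-key-fixture` and `path: <regex-for-the-flagged-file>` (placeholder; the flagged path is not shown in this patch). As rendered here, the `regex:` line contains `(?P[A-Za-z0-9=+/\s]*?)`, a named group with no name, which would not compile if the file really holds that text; the `<name>` may have been lost in page extraction, so this is worth confirming against the repository. The regex would also be safer as a single-quoted scalar, and the file has no trailing newline.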