[Tidy] Remove gitleaks #817

Merged
merged 3 commits into from
Oct 18, 2024

Contributor

@antonymilne antonymilne commented Oct 18, 2024

Description

After quite a bit of discussion and testing, I have decided we are good to remove gitleaks after all. Currently we have GitHub Advanced Security and GitGuardian working. GitGuardian might be switched off because GitHub Advanced Security seems to be a superset of its features (e.g. it will even stop you putting credentials in an edit done directly in the GitHub UI).

The reason that test credentials didn't get detected by these tools before is that their threshold for what constitutes a real risky credential is higher than gitleaks'. For example, they only care about AWS keys and IDs if they are provided together, they check that the length and format of these is real to avoid flagging false positives, etc. All the security people at the Firm seem happy that these tools are sensitive enough and that they are working correctly, so I'm proceeding with the tidy up and removing it.

Notice

  • I acknowledge and agree that, by checking this box and clicking "Submit Pull Request":

    • I submit this contribution under the Apache 2.0 license and represent that I am entitled to do so on behalf of myself, my employer, or relevant third parties, as applicable.
    • I certify that (a) this contribution is my original creation and / or (b) to the extent it is not my original creation, I am authorized to submit this contribution on behalf of the original creator(s) or their licensees.
    • I certify that the use of this contribution as authorized by the Apache 2.0 license does not violate the intellectual property rights of anyone else.
    • I have not referenced individuals, products or companies in any commits, directly or indirectly.
    • I have not added data or restricted code in any commits, directly or indirectly.

@github-actions github-actions bot added the Vizro-AI 🤖 Issue/PR that addresses Vizro-AI package label Oct 18, 2024
@antonymilne antonymilne changed the title from "[TidyRemove gitleaks" to "[Tidy] Remove gitleaks" Oct 18, 2024
@antonymilne antonymilne marked this pull request as ready for review October 18, 2024 10:04
# Conflicts:
#	.github/workflows/secret-scan.yml
#	vizro-core/hatch.toml
Contributor

@maxschulz-COL maxschulz-COL left a comment

Sounds good to me, thanks for checking and testing. I think that was important after all :)

Contributor

@stichbury stichbury left a comment

🏆 Approved from docs perspective, which is somewhat secondary but have my ✅ anyway!

@antonymilne antonymilne merged commit 319c85e into main Oct 18, 2024
38 of 40 checks passed
@antonymilne antonymilne deleted the tidy/remove-gitleaks branch October 18, 2024 10:35

3 participants