Travis-scanner is a service designed to automate log file scanning and analysis. It ingests log files, processes them using various plugins (currently Trivy and Detect Secrets), identifies vulnerabilities and security issues, and stores the results in a database and S3. The service also updates log files with anonymized sensitive information and triggers notifications for failed scans.
Any secrets leaked in job logs are therefore obfuscated (masked with asterisks, `*****`), which improves the security of TravisCI.
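
The masking step described above, sketched in Ruby as an added example (not travis-scanner's own code). `Finding`, `mask_log` and the sample log are hypothetical, and each finding is assumed to carry the reported line number and the plaintext secret.

```ruby
# Added example: hypothetical names, not travis-scanner's own code.
Finding = Struct.new(:plugin, :line_number, :secret)
MASK = '*****'

# Confirm each finding against the line it was reported on, then mask every
# occurrence of a confirmed secret in the whole log, because the same token is
# often echoed again on lines the scanner did not flag.
# Returns [masked_log, unmatched_findings]. A non-empty unmatched list means
# scanner output and log disagree, so the log should not be treated as clean.
def mask_log(log, findings)
  lines = log.lines
  confirmed, unmatched = findings.partition do |f|
    src = f.line_number >= 1 ? lines[f.line_number - 1] : nil
    !f.secret.empty? && src && src.include?(f.secret)
  end
  masked = log.dup
  # Longest first, so a secret that contains a shorter one is masked whole.
  confirmed.map(&:secret).uniq.sort_by { |s| -s.length }.each do |secret|
    masked = masked.gsub(secret, MASK) # String pattern: literal match, no regex
  end
  [masked, unmatched]
end

# Constructed sample input (not real credentials or real scanner output).
SAMPLE_LOG = <<~LOG
  $ export DEPLOY_TOKEN=tok_constructed_1234567890
  $ curl -H "Authorization: Bearer tok_constructed_1234567890" https://example.invalid/deploy
  Deploy finished
LOG

SAMPLE_FINDINGS = [
  Finding.new('detect_secrets', 1, 'tok_constructed_1234567890'),
  Finding.new('trivy', 3, 'not-in-log') # stale finding: line 3 has no such text
].freeze

if __FILE__ == $PROGRAM_NAME
  masked, unmatched = mask_log(SAMPLE_LOG, SAMPLE_FINDINGS)
  puts masked
  warn "unmatched findings: #{unmatched.size}" unless unmatched.empty?
end
```
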
docker compose build
docker compose run travis_scanner bundle install
docker compose up -d postgres redis
docker compose run travis_scanner bundle exec rails db:setup
docker compose up
docker compose run travis_scanner bundle exec rspec