Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

check certificate #717

Closed
wants to merge 31 commits into from
Closed

check certificate #717

wants to merge 31 commits into from

Conversation

AlvoBen
Copy link
Collaborator

@AlvoBen AlvoBen commented May 1, 2024

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Describe the purpose of this PR along with any background information and the impacts of the proposed change.

References

Include supporting link to GitHub Issue/PR number

Testing

Describe how this change was tested. Be specific about anything not tested and reasons why. If this solution has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Checklist

  • I have added documentation for new/changed functionality in this PR (if applicable).
  • I have updated the CLI help for new/changed functionality in this PR (if applicable).
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used

@gitguardian GitGuardian
Copy link

gitguardian bot commented May 1, 2024
edited

⚠️ GitGuardian has uncovered 6 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
10603652 Triggered RSA Private Key c25b9f4 .goreleaser-dev.yml View secret
10603652 Triggered RSA Private Key 324a7f5 .goreleaser-dev.yml View secret
10603652 Triggered RSA Private Key 324a7f5 .github/workflows/release.yml View secret
10603652 Triggered RSA Private Key e51dce3 .github/workflows/release.yml View secret
10606138 Triggered Generic Private Key 41983c0 private_key.pem View secret
10606138 Triggered Generic Private Key 4df225b private_key.pem View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@pedrompflopes pedrompflopes requested a review from a team May 1, 2024 08:21
@github-actions GitHub Actions
Copy link

github-actions bot commented May 1, 2024
edited

Logo
Checkmarx One – Scan Summary & Details9486149c-64bb-4e86-bee4-e794db86d5fc

Policy Management Violations

Policy Name Rule(s) Break Build
[SAST-ML0] Not allowed NEW Sast vulnerabilities true

No New Or Fixed Issues Found

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@AlvoBen @tamarleviCm @BenAlvo1