Exploring git pre-commit for Secrets leaks

By -

What is GitGaurdian and ggsheild?

The ggsheild is a security CLI tool developed by GitGuardian that helps developers and organizations prevent the exposure of sensitive information, such as API keys, credentials, and secrets, in their Git repositories.

What are key features of ggsheild?

  • Pre-Commit and Pre-Push Scanning: Scans code before it is committed or pushed to detect secrets. Prevents accidental leaks of sensitive data in version control.
  • CI/CD Pipeline Integration: Works with GitHub Actions, GitLab CI/CD, Jenkins, and other CI tools. Ensures security checks are part of automated workflows.
  • Real-Time Monitoring and Alerts: Detects exposed secrets in public or private repositories. Sends alerts and suggests remediation steps.
  • Custom Rules & Policies: Allows defining custom regex patterns to detect organization-specific secrets. Supports allowlists to prevent false positives.

How to install ggsheild on Ubuntu 24.04?

apt update
apt install -y pipx
pipx install ggshield

Post installation settings:

pipx ensurepath
You will need to open a new terminal or re-login for the PATH changes to take effect. Now verify the ggshield version 
ggsheild --version
Install in local will update the pre-commit file. 
ggsheild install -m local
Let's do the experiment - will update the pre-commit executable file in your existing repository at .git/hooks/pre-commit path.
We can run the same ggsheild installation with global scope as well 
ggsheild install -m global
We can use the 'ignore' the last findings 
ggsheild ignore --last-found

Comments

Post a Comment

Popular posts from this blog

Ansible 11 The uri module with examples

By -
Image
 Hey DevSecOps Automation specialist, Welcome back to the DevOps Hunter blog. In this post, I made it for learning more about all possible parameters that we can use when an application validation is done with the Ansible 'uri' module.  Why uri module? Web Application returns status HTTPCode 200 for success, 404 for failures, and also for 503 for Server internal issues. When you work on the restart of a web application we need to know the status of the application to proceed with the next move. So this uri module is most important for reboot and restart of web applications using ansible. The uri module parameters Supported parameters include: attributes, backup, body, body_format, client_cert, client_key, content, creates, delimiter, dest, directory_mode, follow, follow_redirects, force, force_basic_auth, group, headers, http_agent, method, mode, owner, regexp, remote_src, removes, return_content, selevel, serole, setype, seuser, src, status_code, timeout,...
Read more

Jenkins Active choices parameter - Dynamic input

By -
Image
Hello DevOps team!! Today I've revisited the experiment with the Jenkins ACTIVE CHOICE Parameter  to get the Dynamic parameters effect on the Build Job parameters. Installation Active Choice parameter - Groovy Script Prerequisite: Jenkins installed Up and running on your target master machine. Jenkins URL accessible   Step 1: Install Active Choice plugin On the Jenkins Dashboard, select the Manage Jenkins, Plugin- Manager, In the Available tab search for word 'Active', where you can see Active Choice plugin and choose installation option, and this will enables three different parameters in the "Add Paramters" list. They are : 1. Active choice parameter 2. Active Choice Reactive parameter 3. Active choice Reactive Reference parameter Here In my example I will use two of them, Firstly Active Choice Parameter for "environment". Create new item Name: active_project select a freestyle project click OK button. In the General tab, select the checkbo...
Read more

DevOps Weapons

By -
Image
To achieve faster application delivery and stable environments, the right tools must be used in DevOps environments. There is no single tool that fits all your needs such as server provisioning, configuration management, automated builds, code deployments, and monitoring. Many factors determine the use of a particular tool in your infrastructure.   In this article, we will look into core tools which can be used in a typical Devops environment. Version Control Tools: Git - An awesome tool to version your source code and collaborate. Terraform  - A tool used in building, changing, and versioning the infrastructure across platforms. Build Orchestration/Continuous Integration Tools: Jenkins - It is an open-source, lightweight CI tool written in Java, with high extensibility and a fast release cycle. Buildbot  - An open-source framework for automating software build, test and release process. CruiseControl  - A CI server written in  # Ruby ...
Read more