Implement more secrets checks #3085
Comments
More secrets to consider:
AWS CodeCommit:
AWS Elastic Container Registry (ECR):
AWS Lambda Layer Contents:
AWS Systems Manager State Manager:
AWS Batch Job Definitions:
Amazon SageMaker:
AWS Amplify Console:
AWS Data Pipeline:
AWS Glue Data Catalog:
Hi @Fennerr, all of them interesting ideas, but maybe we need to rethink a little bit our "secrets detection engine" ...
This is true. Maybe move it to an optional flag and/or a config option to select what secrets you want to scan for. It would also be nice to generalize the way that secrets are scanned for, so that stuff like writing the temp files to disk, searching for secrets, and using multiprocessing for this (as it's CPU intensive) can just be handled in one place.
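One way the single scan entry point suggested in the comment above could look, as an added example that is not the project's code and not part of the thread. The detector names and patterns, the resource ids and `scan_resources` are hypothetical, and text is scanned in memory rather than through temp files.

```python
import re
from concurrent.futures import ProcessPoolExecutor

# Hypothetical detector registry: names and patterns are illustrative only.
DETECTORS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|secret)\s*[=:]\s*['\"]?[^\s'\"]{8,}"),
}

def _scan_one(job):
    """Scan one resource; report detector name and line number, never the value."""
    resource_id, text, enabled = job
    return [(resource_id, name, line_no)
            for line_no, line in enumerate(text.splitlines(), start=1)
            for name in enabled if DETECTORS[name].search(line)]

def scan_resources(resources, enabled=None, workers=2):
    """Scan (resource_id, text) pairs collected from any service in one place."""
    enabled = tuple(enabled) if enabled is not None else tuple(DETECTORS)
    unknown = sorted(set(enabled) - set(DETECTORS))
    if unknown:
        raise ValueError(f"unknown detectors: {unknown}")
    jobs = [(rid, text, enabled) for rid, text in resources]
    if workers <= 1 or len(jobs) <= 1:
        batches = [_scan_one(job) for job in jobs]  # serial path, same worker
    else:
        # Regex scanning is CPU bound, so spread resources over processes.
        with ProcessPoolExecutor(max_workers=workers) as pool:
            batches = list(pool.map(_scan_one, jobs))
    return sorted(f for batch in batches for f in batch)

# Constructed sample input; the key is the example value from AWS documentation.
SAMPLE = [
    ("codebuild:project/app", "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nSTAGE=prod"),
    ("stepfunctions:sm/orders", '{"Comment": "no credentials here"}'),
    ("glue:job/etl", "--conf spark.x=1\ndb_password = 'S3cr3tValue!'"),
]

if __name__ == "__main__":
    selected = ["aws_access_key_id", "password_assignment"]
    for finding in scan_resources(SAMPLE, enabled=selected):
        print(finding)
```

Each service check would only have to hand over `(resource_id, text)` pairs, and the `enabled` argument is where a config option or flag for selecting detectors would plug in.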
New feature motivation
Similar to the secrets checks for the other services (lambda/ec2/ecs/etc), more checks can be implemented.
Solution Proposed
Elastic Beanstalk:
API Gateway:
CodeBuild and CodePipeline:
Glue Jobs:
Step Functions:
AppSync:
This might not be all the API calls that need to be made to get the secrets, but should be a good starting point.
Describe alternatives you've considered
None
Additional context
No response