Commit graph

614 commits

Author SHA1 Message Date
Dustin Decker
1da3e0f723 turn off getemail scanner 2022-03-04 08:39:22 -08:00
Bill Rich
c742f6a816 Do not continue if semaphore can't be acquired (#49) 2022-03-04 08:39:22 -08:00
Bill Rich
30034f5d28 Use metadata specific to source type (#48) 2022-03-04 08:39:22 -08:00
dependabot[bot]
af5d358166 Bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1453 to 1.61.1465 (#45)
Bumps [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) from 1.61.1453 to 1.61.1465.
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](https://github.com/aliyun/alibaba-cloud-sdk-go/compare/v1.61.1453...v1.61.1465)

---
updated-dependencies:
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-04 08:39:22 -08:00
Dustin Decker
8b500219f8 Add new credential type for Jenkins 2022-03-04 08:39:22 -08:00
Bill Rich
56dc1b109c Check commit order, dedupe results, and support using a head commit. (#44)
* Check commit order and support using a head commit.

* Only apply dedupe to git bases source
2022-03-04 08:39:22 -08:00
Dustin Decker
b054739984 Not all prefixes are credentials for AWS, fix capturing group 2022-03-04 08:39:22 -08:00
Dustin Decker
736fa201f2 fix logging 2022-03-04 08:39:22 -08:00
Dustin Decker
86c2eb507b Adding detectors (#46)
* rename secret

* Add supporting docs and tooling for adding new detectors
2022-03-04 08:39:22 -08:00
Dustin Decker
b2a9d5b0a9 Update AWS prefixes 2022-03-04 08:39:22 -08:00
Dustin Decker
c20e9f4732 improvements 2022-03-04 08:39:17 -08:00
Dustin Decker
77418fb3f8 module v3 2022-02-15 18:54:47 -08:00
Dustin Decker
0427a995d3 print banner to stderr 2022-02-15 18:54:47 -08:00
Dustin Decker
79496b8142 Add context timeout to scanners 2022-02-15 18:54:47 -08:00
Dustin Decker
ee99f0c9a2 Record avg detector time 2022-02-15 18:54:47 -08:00
dependabot[bot]
270d83c3d7 Bump github.com/xanzy/go-gitlab from 0.54.3 to 0.54.4 (#39)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.54.3 to 0.54.4.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.54.3...v0.54.4)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 18:54:47 -08:00
dependabot[bot]
df77d0385b Bump cloud.google.com/go/secretmanager from 1.0.0 to 1.1.0 (#41)
Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.0.0...dlp/v1.1.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/secretmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
ee90ab344f Use sane http client instead of retryable 2022-02-15 18:54:47 -08:00
Bill Rich
2d8756938d Fast git scanning (#40)
* Fast git scanning

* Use original tests

* Use committer time

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
152ef6d4e1 add include forks option (#37) 2022-02-15 18:54:47 -08:00
Dustin Decker
c131a6e4ae add debug pprof server and metrics server 2022-02-15 18:54:47 -08:00
Dustin Decker
8a03899b43 use sane http client for spotifykey 2022-02-15 18:54:47 -08:00
Bill Rich
1fb767247f Add missing pagination on github calls (#30)
* Add missing pagination on github calls

Includes some refactoring to improve readability and code reuse.

* Close response body and handle rate limit

* Re-include support for including users as repos to github scans

* Fix gist test to match new func signature

* Add current test name to logging

* Support username as org use case

* Also include no-auth user as org

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
2022-02-15 18:54:47 -08:00
Bill Rich
6b183424f5 Match expected chunks to actual 2022-02-15 18:54:47 -08:00
Dustin Decker
6f1ba7de90 make message clearer 2022-02-15 18:54:47 -08:00
Bill Rich
2cc34f4633 Make tests more resilient and more coverage 2022-02-15 18:54:47 -08:00
Dustin Decker
a96de1a2cd update docs and support multi platform docker images 2022-02-15 18:54:47 -08:00
Dustin Decker
c45bca4b8b only verified results 2022-02-15 18:54:47 -08:00
Dustin Decker
e15fa3a5be helpful logging 2022-02-15 18:54:47 -08:00
Dustin Decker
1e7ee2f4ef Dependabot should update actions 2022-02-15 18:54:47 -08:00
dependabot[bot]
ef1281a32f Bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1453 to 1.61.1465
Bumps [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) from 1.61.1453 to 1.61.1465.
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](https://github.com/aliyun/alibaba-cloud-sdk-go/compare/v1.61.1453...v1.61.1465)

---
updated-dependencies:
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
44d113c408 Add concurrency to gitlab source integration 2022-02-15 18:54:47 -08:00
Dustin Decker
7e38e699f6 GitHub concurrency (#25)
* GitHub scan concurrency

* Add raw result to plain output

* Fix flakey test (still flakey)

* Fix race
2022-02-15 18:54:47 -08:00
Bill Rich
206b99704b Change log order and path filtering. 2022-02-15 18:54:47 -08:00
Dustin Decker
26184dc2cd Fix incorrect commit skipped error 2022-02-15 18:54:47 -08:00
Dustin Decker
3da3f1ec94 Add gitlab pagination support (#26) 2022-02-15 18:54:47 -08:00
Bill Rich
28ed0c3b7c Complete support for existing git scan flags (#13)
* Add `since_commit` to git scan

* Support `max_depth` option for git scan

* Use new options in github and gitlab sources

* Address review feedback

Co-authored-by: Bill Rich <bill.rich@trufflesec.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
8b15bc0a0a make dogfood 2022-02-15 18:54:47 -08:00
Dustin Decker
089b5c9063 improved plain output 2022-02-15 18:54:47 -08:00
Bill Rich
d5f3bd75ef Add --json-legacy flag to make output match pre-v3.0 2022-02-15 18:54:47 -08:00
Dustin Decker
8afa57cee4 improve plain output 2022-02-15 18:54:47 -08:00
dependabot[bot]
cacb2378e8 Bump github.com/go-errors/errors from 1.4.1 to 1.4.2
Bumps [github.com/go-errors/errors](https://github.com/go-errors/errors) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/go-errors/errors/releases)
- [Commits](https://github.com/go-errors/errors/compare/v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: github.com/go-errors/errors
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 18:54:47 -08:00
dependabot[bot]
cd08e9e57b Bump github.com/aws/aws-sdk-go-v2/credentials from 1.7.0 to 1.8.0
Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 18:54:47 -08:00
dependabot[bot]
36a6e046b7 Bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1443 to 1.61.1453
Bumps [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) from 1.61.1443 to 1.61.1453.
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](https://github.com/aliyun/alibaba-cloud-sdk-go/compare/v1.61.1443...v1.61.1453)

---
updated-dependencies:
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 18:54:47 -08:00
Dustin Decker
87357959b7 Improve plain output 2022-02-15 18:54:47 -08:00
Dustin Decker
03ead2f7ed Integrate GitHub source 2022-02-15 18:54:47 -08:00
Dustin Decker
f7dca85d2d separate detector tests 2022-02-15 18:54:47 -08:00
Dustin Decker
7be513c567 disable codeql until repo is public, only run one test pipeline on PRs 2022-02-15 18:54:47 -08:00
Dustin Decker
533f6d1e20 updates 2022-02-15 18:54:43 -08:00
Dustin Decker
5596025b0b more detectors 2022-02-15 18:46:28 -08:00