feat(secretscan): support .gitsecrets-ignore file for false positives
Some checks failed
Build and Release / Create Release (push) Has been skipped
Build and Release / Unit Tests (push) Failing after 50s
Build and Release / Lint (push) Failing after 1m17s
Build and Release / Integration Tests (PostgreSQL) (push) Failing after 1m16s
Build and Release / Build Binaries (amd64, windows, windows-latest) (push) Has been skipped
Build and Release / Build Binaries (amd64, linux, linux-latest) (push) Has been skipped
Build and Release / Build Binaries (amd64, darwin, macos) (push) Has been skipped
Build and Release / Build Binaries (arm64, darwin, macos) (push) Has been skipped
Build and Release / Build Binary (linux/arm64) (push) Has been skipped

Parse .gitsecrets-ignore file from commits to filter out known false positives during secret scanning. Matches entries by SHA-256 content hash (truncated to 16 chars) and pattern ID. Update push rejection message to guide users toward GitSecrets addon for managing ignored detections.
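The matching rule the commit message describes (an ignore entry is honoured only when both the pattern ID and the first 16 hex characters of a SHA-256 content hash agree with a detection) is shown below as an added example; it is not code from this commit or from the GitCaddy project. The line format `<pattern-id>:<16-hex-hash>`, the `DetectedSecret` shape, the pattern IDs and the choice to hash the matched text rather than the whole line are all assumptions made for the example. Suppressed findings are returned rather than dropped so the server can log what the ignore file silenced, which matters because the file arrives in the same push that is being scanned.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// DetectedSecret is a minimal stand-in for a scanner finding. Its shape is an
// assumption of this example, not the project's secretscan.DetectedSecret.
type DetectedSecret struct {
	PatternID string // rule that fired, e.g. "aws-access-key" (assumed value)
	Match     string // the matched text
	File      string
	Line      int
}

// IgnoreEntry is one allow-listed detection: the rule that fired plus the
// truncated SHA-256 of the matched text. Both must agree for a finding to be
// suppressed, so a pattern ID alone cannot silence a whole rule.
type IgnoreEntry struct {
	PatternID string
	Hash      string
}

// ContentHash returns the first 16 hex characters of SHA-256 over the matched
// text. Hashing the match rather than the full line is an assumption here.
func ContentHash(match string) string {
	sum := sha256.Sum256([]byte(match))
	return hex.EncodeToString(sum[:])[:16]
}

// ParseIgnoreFile parses the assumed line format "<pattern-id>:<16-hex-hash>".
// Blank lines and '#' comments are skipped. A malformed line fails the whole
// parse instead of being silently dropped, so a typo cannot quietly change
// what is allowed or blocked.
func ParseIgnoreFile(content string) (map[IgnoreEntry]bool, error) {
	entries := make(map[IgnoreEntry]bool)
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		id, hash, ok := strings.Cut(line, ":")
		id = strings.TrimSpace(id)
		hash = strings.ToLower(strings.TrimSpace(hash))
		if _, err := hex.DecodeString(hash); !ok || id == "" || len(hash) != 16 || err != nil {
			return nil, fmt.Errorf(".gitsecrets-ignore line %d: expected <pattern-id>:<16-hex-hash>, got %q", n, line)
		}
		entries[IgnoreEntry{PatternID: id, Hash: hash}] = true
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	return entries, nil
}

// FilterIgnored splits findings into those that still block the push and those
// the ignore set suppressed. The suppressed slice is returned for audit logging.
func FilterIgnored(found []DetectedSecret, ignored map[IgnoreEntry]bool) (kept, suppressed []DetectedSecret) {
	for _, s := range found {
		key := IgnoreEntry{PatternID: s.PatternID, Hash: ContentHash(s.Match)}
		if ignored[key] {
			suppressed = append(suppressed, s)
		} else {
			kept = append(kept, s)
		}
	}
	return kept, suppressed
}

func main() {
	// Constructed sample data: a placeholder value documented in a README,
	// allow-listed for one rule only.
	docExample := "EXAMPLE-KEY-USED-IN-README"
	ignoreFile := "# constructed sample .gitsecrets-ignore\n" +
		"aws-access-key:" + ContentHash(docExample) + "\n"
	ignored, err := ParseIgnoreFile(ignoreFile)
	if err != nil {
		panic(err)
	}
	found := []DetectedSecret{
		{PatternID: "aws-access-key", Match: docExample, File: "README.md", Line: 12},
		{PatternID: "aws-access-key", Match: "NOT-ALLOWLISTED-VALUE", File: "config.go", Line: 7},
		{PatternID: "generic-token", Match: docExample, File: "README.md", Line: 30}, // same text, other rule: still blocked
	}
	kept, suppressed := FilterIgnored(found, ignored)
	fmt.Printf("blocking: %d, suppressed: %d\n", len(kept), len(suppressed))
	for _, s := range suppressed {
		fmt.Printf("audit: suppressed %s at %s:%d\n", s.PatternID, s.File, s.Line)
	}
}
```

Running it prints `blocking: 2, suppressed: 1` followed by one audit line: the README placeholder is suppressed for `aws-access-key`, while the same text flagged by a different rule and a non-allow-listed value both still block.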
2026-03-04 00:58:13 -05:00
parent 14232eec68
commit dd84db7608
2 changed files with 76 additions and 1 deletions


@@ -143,7 +143,10 @@ func formatBlockMessage(secrets []secretscan.DetectedSecret, repoName string) st
sb.WriteString(" 2. Use environment variables or a secrets manager\n")
sb.WriteString(" 3. Consider using GitCaddy Vault to securely store secrets\n")
sb.WriteString("\n")
sb.WriteString("If this is a false positive, contact your administrator.\n")
sb.WriteString("FALSE POSITIVE?\n")
sb.WriteString(" Use the GitSecrets addon to mark detections as false\n")
sb.WriteString(" positives. This creates a .gitsecrets-ignore file in\n")
sb.WriteString(" your repo that the server will respect on future pushes.\n")
sb.WriteString("═══════════════════════════════════════════════════════════\n")
return sb.String()
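Review bot: Dropping the line `If this is a false positive, contact your administrator.` leaves a user who cannot use the GitSecrets addon, or who lacks the rights to commit a `.gitsecrets-ignore` file, with no escalation path; consider keeping an administrator-contact line after the new addon instructions. The new text also tells users that the server "will respect" the ignore file on future pushes, which is a trust decision the message should state precisely: the file travels inside the same push being scanned, so anyone able to push can allow-list their own detection. Since the commit message says entries are matched on pattern ID plus a truncated content hash, saying so here would make clear that an entry covers one specific detection rather than a whole rule, and the server side should log every suppressed detection so administrators can review what the ignore file silenced.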