refactor(kb): revise articles about secret detection in repositories

2026-02-08 21:34:25 +00:00 · 2024-11-03 19:44:09 +01:00
parent 7be58080d2
commit 0548a931c9
8 changed files with 276 additions and 15 deletions
--- a/base/detect-secrets.md
+++ b/base/detect-secrets.md
@@ -0,0 +1,68 @@
+# `detect-secrets`
+
+Python module for detecting secrets within code bases.
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+<details>
+  <summary>Setup</summary>
+
+```sh
+brew install 'detect-secrets'
+pip install 'detect-secrets'
+```
+
+</details>
+
+<details>
+  <summary>Usage</summary>
+
+```sh
+detect-secrets scan
+detect-secrets scan --exclude-lines 'password = (blah|fake)' --exclude-files '.*\.signature$'
+```
+
+</details>
+
+<!-- Uncomment if used
+<details>
+  <summary>Real world use cases</summary>
+
+```sh
+```
+
+</details>
+-->
+
+## Further readings
+
+- [Main repository]
+
+Alternatives:
+
+- [gitleaks]
+- [`ripsecrets`][ripsecrets]
+- [trufflehog]
+
+### Sources
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+[gitleaks]: gitleaks.md
+[ripsecrets]: ripsecrets.md
+[trufflehog]: trufflehog.md
+
+<!-- Files -->
+<!-- Upstream -->
+[main repository]: https://github.com/Yelp/detect-secrets
+
+<!-- Others -->
--- a/base/detect-secrets.placeholder
+++ b/base/detect-secrets.placeholder
@@ -1,3 +0,0 @@
-https://github.com/Yelp/detect-secrets
-
-alternatives: gitleaks, ripsecrets, trufflehog
--- a/base/gitleaks.md
+++ b/base/gitleaks.md
@@ -0,0 +1,70 @@
+# Gitleaks
+
+Open-source secret scanner for git repositories, files, and directories.
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+<details>
+  <summary>Setup</summary>
+
+```sh
+brew install 'gitleaks'
+docker pull 'zricethezav/gitleaks:latest'
+```
+
+</details>
+
+<!-- Uncomment if used
+<details>
+  <summary>Usage</summary>
+
+```sh
+```
+
+</details>
+-->
+
+<!-- Uncomment if used
+<details>
+  <summary>Real world use cases</summary>
+
+```sh
+```
+
+</details>
+-->
+
+## Further readings
+
+- [Website]
+- [Main repository]
+
+Alternatives:
+
+- [`detect-secrets`][detect-secrets]
+- [`ripsecrets`][ripsecrets]
+- [trufflehog]
+
+### Sources
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+[detect-secrets]: detect-secrets.md
+[ripsecrets]: ripsecrets.md
+[trufflehog]: trufflehog.md
+
+<!-- Files -->
+<!-- Upstream -->
+[main repository]: https://github.com/gitleaks/gitleaks
+[website]: https://gitleaks.io/
+
+<!-- Others -->
--- a/base/gitleaks.placeholder
+++ b/base/gitleaks.placeholder
@@ -1,4 +0,0 @@
-https://gitleaks.io/
-https://github.com/gitleaks/gitleaks
-
-alternatives: detect-secrets, ripsecrets, trufflehog
--- a/base/ripsecrets.md
+++ b/base/ripsecrets.md
@@ -0,0 +1,68 @@
+# `ripsecrets`
+
+Command-line tool to prevent committing secret keys into source code.
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+<details>
+  <summary>Setup</summary>
+
+```sh
+brew install 'ripsecrets'
+cargo install --git 'https://github.com/sirwart/ripsecrets' --branch 'main'
+```
+
+</details>
+
+<details>
+  <summary>Usage</summary>
+
+```sh
+ripsecrets
+ripsecrets 'path/to/file.1' 'file2' 'dir1'
+```
+
+</details>
+
+<!-- Uncomment if used
+<details>
+  <summary>Real world use cases</summary>
+
+```sh
+```
+
+</details>
+-->
+
+## Further readings
+
+- [Main repository]
+
+Alternatives:
+
+- [`detect-secrets`][detect-secrets]
+- [gitleaks]
+- [trufflehog]
+
+### Sources
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+[detect-secrets]: detect-secrets.md
+[gitleaks]: gitleaks.md
+[trufflehog]: trufflehog.md
+
+<!-- Files -->
+<!-- Upstream -->
+[main repository]: https://github.com/sirwart/ripsecrets
+
+<!-- Others -->
--- a/base/ripsecrets.placeholder
+++ b/base/ripsecrets.placeholder
@@ -1,3 +0,0 @@
-https://github.com/sirwart/ripsecrets
-
-alternatives: detect-secrets, gitleaks, trufflehog
--- a/base/trufflehog.md
+++ b/base/trufflehog.md
@@ -0,0 +1,70 @@
+# Trufflehog
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+<details>
+  <summary>Setup</summary>
+
+```sh
+brew install 'trufflehog'
+docker pull 'trufflesecurity/trufflehog:latest'
+```
+
+</details>
+
+<details>
+  <summary>Usage</summary>
+
+```sh
+trufflehog git 'https://github.com/trufflesecurity/test_keys' --only-verified
+
+docker run --rm -it -v "$PWD:/pwd" 'trufflesecurity/trufflehog:latest' \
+  github --repo 'https://github.com/trufflesecurity/test_keys'
+```
+
+</details>
+
+<!-- Uncomment if used
+<details>
+  <summary>Real world use cases</summary>
+
+```sh
+```
+
+</details>
+-->
+
+## Further readings
+
+- [Website]
+- [Main repository]
+
+Alternatives:
+
+- [`detect-secrets`][detect-secrets]
+- [gitleaks]
+- [`ripsecrets`][ripsecrets]
+
+### Sources
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+[detect-secrets]: detect-secrets.md
+[gitleaks]: gitleaks.md
+[ripsecrets]: ripsecrets.md
+
+<!-- Files -->
+<!-- Upstream -->
+[main repository]: https://github.com/trufflesecurity/trufflehog
+[website]: https://trufflesecurity.com/
+
+<!-- Others -->
--- a/base/trufflehog.placeholder
+++ b/base/trufflehog.placeholder
@@ -1,5 +0,0 @@
-# Trufflehog
-
-https://github.com/trufflesecurity/trufflehog
-
-alternatives: detect-secrets, gitleaks, ripsecrets