add secret scan capabilities

SecurityForCloudBuilders · Jun 20, 2024 · 7746e8b · 7746e8b
1 parent 322b5e2
commit 7746e8b
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/.github/workflows/secure-pipeline.yml b/.github/workflows/secure-pipeline.yml
@@ -66,7 +66,7 @@ jobs:
           docker build -t $DOCKER_IMAGE .
           docker push ${DOCKER_IMAGE}
 
-      - name: Trend Cloud One Container Security Scan Action 
+      - name: Trend Micro Container Vulnerability Scan  
         env:
           GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
           VERSION: ${{ steps.version.outputs.VERSION }}
@@ -75,6 +75,16 @@ jobs:
          export TMAS_API_KEY=${{ secrets.TMAS_API_KEY }}
          curl -s -L https://gist.github.com/raphabot/abae09b46c29afc7c3b918b7b8ec2a5c/raw/ | bash
          tmas scan registry:${DOCKER_IMAGE}
+      
+      - name: Trend Micro Container Secret Scan  
+        env:
+          GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
+          VERSION: ${{ steps.version.outputs.VERSION }}
+        run: |
+         DOCKER_IMAGE="us-central1-docker.pkg.dev/${GOOGLE_PROJECT}/java-goof/goof:${VERSION}"
+         export TMAS_API_KEY=${{ secrets.TMAS_API_KEY }}
+         curl -s -L https://gist.github.com/raphabot/abae09b46c29afc7c3b918b7b8ec2a5c/raw/ | bash
+         tmas scan secrets registry:${DOCKER_IMAGE}
 
       - name: Deploy to GKE
         env:

diff --git a/todolist-goof/todolist-web-struts/secrets.py b/todolist-goof/todolist-web-struts/secrets.py
@@ -0,0 +1,9 @@
+red_herring = 'DEADBEEF'
+id = 'YW1pYWx3YXlzZ2VuZXJhdGluZ3BheWxvYWRzd2hlbmltaHVuZ3J5b3JhbWlhbHdheXNodW5ncnk'
+
+base64_secret = 'c2VjcmV0IG1lc3NhZ2Ugc28geW91J2xsIG5ldmVyIGd1ZXNzIG15IHBhc3N3b3Jk'
+hex_secret = '8b1118b376c313ed420e5133ba91307817ed52c2'
+basic_auth = 'http://username:whywouldyouusehttpforpasswords@example.com'
+
+aws_access_key = 'AKIAIOSFODNN7EXAMPLE'
+aws_secret_access_key = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'