adrienne / fix cloudflare deployment security #5667
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
adrienne-deriv
force-pushed
the
fix-cloudflare-deployment-security
branch
from
5472b48 to
a401298
Compare
|
⚡️ Lighthouse report for the changes in this PR:
Lighthouse ran on https://deriv-com-git-fork-adrienne-deriv-fix-cloudflare-deploym-54bfd2.binary.sx/ |
|
| GitGuardian id | Secret | Commit | Filename | |
|---|---|---|---|---|
| - | Google API Key | 8179b91 | src/common/constants.ts | View secret |
| - | Google API Key | 85ad00b | src/common/constants.ts | View secret |
| - | Google API Key | 85ad00b | src/common/constants.ts | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
adrienne-deriv
requested review from
habib-deriv,
yashim-deriv,
prince-deriv,
mohsen-deriv,
mitra-deriv and
fasihali-deriv
as code owners
| response=$(curl -s -L \ | ||
| -w "%{http_code}" \ | ||
| -o /dev/null -H "Accept: application/vnd.github+json" \ | ||
| -H "Authorization: Bearer ${{ secrets.LIST_ORGS_TOKEN }}" \ |
There was a problem hiding this comment.
We need a separate Github classic token for this with SSO verification for binary-com organization
cc: @balakrishna-deriv
There was a problem hiding this comment.
Will secrets.GITHUB_TOKEN work? I think it might work because we are only doing a read operation.
There was a problem hiding this comment.
Noo it needs a new token that is SSOed with binary-com organization, the GITHUB_TOKEN is provided by default
…nne-deriv/deriv-com into fix-cloudflare-deployment-security
|
Kudos, SonarCloud Quality Gate passed!
|
|
LGTM |
* refactor: sanitized email input from html element symbols * chore: added pre-flow workflow for cloudflare pages * chore: reverted prettier changes * Revert "chore: reverted prettier changes" This reverts commit a401298. * chore: reverted prettier changes again * chore: reverted pretiter changes againn * Update messages.json * Update messages.json * chore: change secrets name
Changes:
Type of change