A docker image to enable invoking of Yelp's detect-secrets hook command without having to install the python package.
This image is deployed to Docker Hub at: https://hub.docker.com/r/lirantal/detect-secrets
Runs the detect-secrets-hook
command for a given git project, with the following options:
- The current directory is assumed to be the .git root directory and so the volume mounts
pwd
to the container's/usr/src/app
directory src/index.js
andsrc/component.js
are files for which will be tested for secrets
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "src/index.js" "src/component.js"
If a project has a previously created .secrets-baseline
it can be passed as a command argument to the container:
docker run -it --rm --name detect-secrets --volume `pwd`:/usr/src/app lirantal/detect-secrets "--baseline .secrets-baseline" "src/index.js"
For projects which exhibit a structure such as:
| app
|_ .git/
|_ client/
|_ server/
|_ .secrets-baseline
it is required to tweak the execution of detect-secrets-hook
when it runs in the container image to simulate the exact scenario of it running inside the nested server/
directory, while mounting the top level application directory:
docker run -it --rm --name detect-secrets --volume /path/to/root/project/dir:/usr/src/app --workdir "/usr/src/app/server" lirantal/detect-secrets "src/index.js"
Building the image from the Dockerfile and then you may execute it locally:
docker build --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --tag detect-secrets .
Liran Tal [email protected]