Update secrets scanning workflow

.github/workflows/gradle-build.yml

@@ -18,8 +18,10 @@ jobs:
  java-version: 21
  distribution: 'temurin'
  cache: gradle
- - name: Detect Secrets
- uses: RobertFischer/[email protected]
+ - name: Detect secrets
+ run: |
+ pip install detect-secrets
+ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
  - name: Grant Execute permission for gradlew
  run: chmod +x gradlew
  - name: Build with Gradle

.github/workflows/preview-and-release.yml

@@ -37,8 +37,10 @@ jobs:
  java-version: ${{ env.JAVA_VERSION }}
  distribution: ${{ env.JAVA_DISTRIBUTION}}
  cache: gradle
- - name: Easy detect-secrets
- uses: RobertFischer/[email protected]
+ - name: Detect secrets
+ run: |
+ pip install detect-secrets
+ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
  - name: Download File
  run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
  shell: pwsh
@@ -70,8 +72,10 @@ jobs:
  java-version: ${{ env.JAVA_VERSION }}
  distribution: ${{ env.JAVA_DISTRIBUTION}}
  cache: gradle
- - name: Easy detect-secrets
- uses: RobertFischer/[email protected]
+ - name: Detect secrets
+ run: |
+ pip install detect-secrets
+ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
  - name: Download File
  run: .\scripts\decodeAndWrite.ps1 -encodedValue $env:ENCODED_VALUE -outputPath $env:OUTPUT_PATH
  shell: pwsh

.secrets.baseline

@@ -1,143 +1,139 @@
-{
- "version": "1.5.0",
- "plugins_used": [
- {
- "name": "ArtifactoryDetector"
- },
- {
- "name": "AWSKeyDetector"
- },
- {
- "name": "AzureStorageKeyDetector"
- },
- {
- "name": "Base64HighEntropyString",
- "limit": 4.5
- },
- {
- "name": "BasicAuthDetector"
- },
- {
- "name": "CloudantDetector"
- },
- {
- "name": "DiscordBotTokenDetector"
- },
- {
- "name": "GitHubTokenDetector"
- },
- {
- "name": "GitLabTokenDetector"
- },
- {
- "name": "HexHighEntropyString",
- "limit": 3.0
- },
- {
- "name": "IbmCloudIamDetector"
- },
- {
- "name": "IbmCosHmacDetector"
- },
- {
- "name": "IPPublicDetector"
- },
- {
- "name": "JwtTokenDetector"
- },
- {
- "name": "KeywordDetector",
- "keyword_exclude": ""
- },
- {
- "name": "MailchimpDetector"
- },
- {
- "name": "NpmDetector"
- },
- {
- "name": "OpenAIDetector"
- },
- {
- "name": "PrivateKeyDetector"
- },
- {
- "name": "PypiTokenDetector"
- },
- {
- "name": "SendGridDetector"
- },
- {
- "name": "SlackDetector"
- },
- {
- "name": "SoftlayerDetector"
- },
- {
- "name": "SquareOAuthDetector"
- },
- {
- "name": "StripeDetector"
- },
- {
- "name": "TelegramBotTokenDetector"
- },
- {
- "name": "TwilioKeyDetector"
- }
- ],
- "filters_used": [
- {
- "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
- },
- {
- "path": "detect_secrets.filters.common.is_baseline_file",
- "filename": ".secrets.baseline"
- },
- {
- "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
- "min_level": 2
- },
- {
- "path": "detect_secrets.filters.heuristic.is_indirect_reference"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_likely_id_string"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_lock_file"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_potential_uuid"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_sequential_string"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_swagger_file"
- },
- {
- "path": "detect_secrets.filters.heuristic.is_templated_secret"
- },
- {
- "path": "detect_secrets.filters.HexHighEntropyString.should_exclude_file",
- "pattern": [
- "release-please-config.json"
- ]
- },
- {
- "path": "detect_secrets.filters.regex.should_exclude_file",
- "pattern": [
- "release-please-config.json"
- ]
- }
- ],
- "results": {},
- "generated_at": "2024-05-08T12:56:29Z"
-}
+{
+ "version": "1.5.0",
+ "plugins_used": [
+ {
+ "name": "ArtifactoryDetector"
+ },
+ {
+ "name": "AWSKeyDetector"
+ },
+ {
+ "name": "AzureStorageKeyDetector"
+ },
+ {
+ "name": "Base64HighEntropyString",
+ "limit": 4.5
+ },
+ {
+ "name": "BasicAuthDetector"
+ },
+ {
+ "name": "CloudantDetector"
+ },
+ {
+ "name": "DiscordBotTokenDetector"
+ },
+ {
+ "name": "GitHubTokenDetector"
+ },
+ {
+ "name": "GitLabTokenDetector"
+ },
+ {
+ "name": "HexHighEntropyString",
+ "limit": 3.0
+ },
+ {
+ "name": "IbmCloudIamDetector"
+ },
+ {
+ "name": "IbmCosHmacDetector"
+ },
+ {
+ "name": "IPPublicDetector"
+ },
+ {
+ "name": "JwtTokenDetector"
+ },
+ {
+ "name": "KeywordDetector",
+ "keyword_exclude": ""
+ },
+ {
+ "name": "MailchimpDetector"
+ },
+ {
+ "name": "NpmDetector"
+ },
+ {
+ "name": "OpenAIDetector"
+ },
+ {
+ "name": "PrivateKeyDetector"
+ },
+ {
+ "name": "PypiTokenDetector"
+ },
+ {
+ "name": "SendGridDetector"
+ },
+ {
+ "name": "SlackDetector"
+ },
+ {
+ "name": "SoftlayerDetector"
+ },
+ {
+ "name": "SquareOAuthDetector"
+ },
+ {
+ "name": "StripeDetector"
+ },
+ {
+ "name": "TelegramBotTokenDetector"
+ },
+ {
+ "name": "TwilioKeyDetector"
+ }
+ ],
+ "filters_used": [
+ {
+ "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+ },
+ {
+ "path": "detect_secrets.filters.common.is_baseline_file",
+ "filename": ".secrets.baseline"
+ },
+ {
+ "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+ "min_level": 2
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_lock_file"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_sequential_string"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_swagger_file"
+ },
+ {
+ "path": "detect_secrets.filters.heuristic.is_templated_secret"
+ },
+ {
+ "path": "detect_secrets.filters.regex.should_exclude_file",
+ "pattern": [
+ "src/main/java/com/microsoft/graph/generated/.*",
+ "release-please-config.json",
+ "kiota-lock.json"
+ ]
+ }
+ ],
+ "results": {},
+ "generated_at": "2024-08-13T14:19:43Z"
+}