Thanks to all our contributors, users, and the many people that make
detect-secrets-server possible! β€οΈ
If you love detect-secrets-server, please star our project on GitHub to show
your support! β
- Add ability to pass arbritrary arguments to
detect-secrets(#65)
- Update development environment and testing setup (#63)
- Drop support for Python 3 (#51)
- Add a GitHub webhook scanner (#56)
- Fixed a bug where our cron functionality didn't handle a custom root directory (#36, thanks @gsoyka)
- Fixed a bug where we were would crash with a
OSError: [Errno 7] Argument list too longif there were too many files in the git diff (#35)
- Fixed a very important bug where we were not fetching changes for non-local repositories (#30, thanks @chetmancini, @akshayatplivo, @ajchida, @rameshkumar-a))
- Fixed a
UnidiffParseError: Hunk is shorter than expectedcrash
- Bumped version of
detect-secretsfromv0.12.0to v0.12.2, primarily to improve performance
- Fixed a bug where we were not assigning the commit of found secrets to HEAD (#27)
- Fixed a bug where we were
git fetching for local git repositories (#26)
- Added a
--diff-filteroptimization, so we only scan added, copied or modified files (#22)
- Fixed a bug where,
scanon bare repositories gave aYour local changes to the following files would be overwritten by merge:error (#23)
- Fixed a bug where we were using an older version of
detect-secretsin ourrequirements-devtxtfiles
- Added
--exclude-filesand--exclude-linesargs to scan (#18) - Added git commit to secrets before calling
output_hook.alert(#15)
- Started to ignore the
exclude_regexin repo metadata when scanning as a short-term solution for Issue 17 (#18)
addandscannow handle non-SSH urls for git cloning. See Issue 13 for more details.
- Bumped version of
detect-secretsto 0.11.4, so that we can leverage the newAWSKeyDetectorand theKeywordDetector.
- Added support for delegating state management to output hooks, using the
flag
--always-update-state.
-
All previous config files' format has been changed, for better usability (and reducing the need to supply multiple config files during a single invocation). Be sure to check out some examples in examples/
-
The CLI API has also been changed, to support better usability. Check out how to use the new commands with
-h.
-
Actually works with the latest version of
detect-secrets. -
New
--output-hookfunctionality, to specify arbitrary scripts for handling alerts. This should make it easier, so users aren't forced into using pysensu. -
detect-secrets-server listsupports a convenient way to list all tracked repositories. -
detect-secrets-server installis a modular way to connect tracked repositories with a system that runsdetect-secrets-server scanon a regular basis. Currently, the only supported method iscron.
-
Minimal dependencies! Previously, you had to install boto3, even if you weren't using the S3 storage option. Now, only install what you need, based on your unique setup.
-
Introduction of the
Storageclass abstraction. This separates the management of tracked repositories (git cloning, baseline comparisons) with the method of storing server metadata, for cleaner code, decoupled architecture, and modularity.