diff --git a/.gitignore b/.gitignore
index 98689220c..2d028bef7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,3 @@ target/*
 .idea/*
 .idea/
 *.iml
-.pre-commit-trivy-cache/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
deleted file mode 100644
index 959960db1..000000000
--- a/.pre-commit-config.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-repos:
- - repo: https://github.com/mxab/pre-commit-trivy.git
- rev: v0.5.1
- hooks:
- - id: trivyfs-docker
- args:
- - --scanners
- - secret
- - --secret-config
- - /src/trivy-secret.yaml
- - --skip-dirs
- - /src/target
- - --skip-dirs
- - /src/.idea
- - --skip-files
- - /src/src/main/resources/localstack/kms/seed.yaml
- - .
diff --git a/trivy-secret.yaml b/trivy-secret.yaml
deleted file mode 100644
index 57f476f2d..000000000
--- a/trivy-secret.yaml
+++ /dev/null
@@ -1,215 +0,0 @@
-rules:
- ##################
- # UID2 Admin Key #
- ##################
- - id: uid2-admin-key-test
- category: uid2
- title: UID2 - Admin Key - Test
- severity: CRITICAL
- keywords:
- - UID2-A-T
- regex: UID2-A-T-(?P.{6}\..{38})
- secret-group-name: secret
- - id: uid2-admin-key-integ
- category: uid2
- title: UID2 - Admin Key - Integ
- severity: CRITICAL
- keywords:
- - UID2-A-I
- regex: UID2-A-I-(?P.{6}\..{38})
- secret-group-name: secret
- - id: uid2-admin-key-prod
- category: uid2
- title: UID2 - Admin Key - Prod
- severity: CRITICAL
- keywords:
- - UID2-A-P
- regex: UID2-A-P-(?P.{6}\..{38})
- secret-group-name: secret
-
- ###################
- # UID2 Client Key #
- ###################
- - id: uid2-client-key-test
- category: uid2
- title: UID2 - Client Key - Test
- severity: CRITICAL
- keywords:
- - UID2-C-T
- regex: UID2-C-T-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: uid2-client-key-integ
- category: uid2
- title: UID2 - Client Key - Integ
- severity: CRITICAL
- keywords:
- - UID2-C-I
- regex: UID2-C-I-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: uid2-client-key-prod
- category: uid2
- title: UID2 - Client Key - Prod
- severity: CRITICAL
- keywords:
- - UID2-C-P
- regex: UID2-C-P-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
-
- #####################
- # UID2 Operator Key #
- #####################
- - id: uid2-operator-key-test
- category: uid2
- title: UID2 - Operator Key - Test
- severity: CRITICAL
- keywords:
- - UID2-O-T
- regex: UID2-O-T-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: uid2-operator-key-integ
- category: uid2
- title: UID2 - Operator Key - Integ
- severity: CRITICAL
- keywords:
- - UID2-O-I
- regex: UID2-O-I-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: uid2-operator-key-prod
- category: uid2
- title: UID2 - Operator Key - Prod
- severity: CRITICAL
- keywords:
- - UID2-O-P
- regex: UID2-O-P-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
-
- ########################################
- # UID2 Client Side Keypair Private Key #
- ########################################
- - id: uid2-client-side-keypair-private-key-test
- category: uid2
- title: UID2 - Client Side Keypair Private Key - Test
- severity: CRITICAL
- keywords:
- - UID2-Y-T
- regex: UID2-Y-T-(?P.{92})
- secret-group-name: secret
- - id: uid2-client-side-keypair-private-key-integ
- category: uid2
- title: UID2 - Client Side Keypair Private Key - Integ
- severity: CRITICAL
- keywords:
- - UID2-Y-I
- regex: UID2-Y-I-(?P.{92})
- secret-group-name: secret
- - id: uid2-client-side-keypair-private-key-prod
- category: uid2
- title: UID2 - Client Side Keypair Private Key - Prod
- severity: CRITICAL
- keywords:
- - UID2-Y-P
- regex: UID2-Y-P-(?P.{92})
- secret-group-name: secret
-
- ##################
- # EUID Admin Key #
- ##################
- - id: euid-admin-key-test
- category: euid
- title: EUID - Admin Key - Test
- severity: CRITICAL
- keywords:
- - EUID-A-T
- regex: EUID-A-T-(?P.{6}\..{38})
- secret-group-name: secret
- - id: euid-admin-key-integ
- category: euid
- title: EUID - Admin Key - Integ
- severity: CRITICAL
- keywords:
- - EUID-A-I
- regex: EUID-A-I-(?P.{6}\..{38})
- secret-group-name: secret
- - id: euid-admin-key-prod
- category: euid
- title: EUID - Admin Key - Prod
- severity: CRITICAL
- keywords:
- - EUID-A-P
- regex: EUID-A-P-(?P.{6}\..{38})
- secret-group-name: secret
-
- ###################
- # EUID Client Key #
- ###################
- - id: euid-client-key-test
- category: euid
- title: EUID - Client Key - Test
- severity: CRITICAL
- keywords:
- - EUID-C-T
- regex: EUID-C-T-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: euid-client-key-integ
- category: euid
- title: EUID - Client Key - Integ
- severity: CRITICAL
- keywords:
- - EUID-C-I
- regex: EUID-C-I-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: euid-client-key-prod
- category: euid
- title: EUID - Client Key - Prod
- severity: CRITICAL
- keywords:
- - EUID-C-P
- regex: EUID-C-P-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
-
- #####################
- # EUID Operator Key #
- #####################
- - id: euid-operator-key-test
- category: euid
- title: EUID - Operator Key - Test
- severity: CRITICAL
- keywords:
- - EUID-O-T
- regex: EUID-O-T-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: euid-operator-key-integ
- category: euid
- title: EUID - Operator Key - Integ
- severity: CRITICAL
- keywords:
- - EUID-O-I
- regex: EUID-O-I-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
- - id: euid-operator-key-prod
- category: euid
- title: EUID - Operator Key - Prod
- severity: CRITICAL
- keywords:
- - EUID-O-P
- regex: EUID-O-P-[0-9]+-(?P.{6}\..{38})
- secret-group-name: secret
-
-disable-allow-rules:
- - tests
- - examples
- - vendor
- - usr-dirs
- - locale-dir
- - markdown
- - node.js
- - golang
- - python
- - rubygems
- - wordpress
- - anaconda-log
-
-allow-rules:
- - id: skip-localstack-kms-seed
- description: Skip localstack KMS seed files
- path: /*/localstack/kms/seed.yaml