Skip to content

Commit

Permalink
Merge pull request #323 from SAP/develop
Browse files Browse the repository at this point in the history
Upgrade to v4.14.4
  • Loading branch information
marcorosa authored Sep 10, 2024
2 parents 4acb64f + 5d35d06 commit b5fb0e5
Show file tree
Hide file tree
Showing 5 changed files with 15 additions and 12 deletions.
7 changes: 7 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,10 @@ Due to legal reasons, contributors will be asked to accept a DCO before they
submit the first pull request to this projects, this happens in an automated
fashion during the submission process. SAP uses [the standard DCO text of the
Linux Foundation](https://developercertificate.org/).


### Contributing with AI-generated code

As artificial intelligence evolves, AI-generated code is becoming valuable for many software projects, including open-source initiatives. While we recognize the potential benefits of incorporating AI-generated content into our open-source projects there a certain requirements that need to be reflected and adhered to when making contributions.

Please see SAP's [guideline for AI-generated code contributions to SAP Open Source Software Projects](https://github.com/SAP/.github/blob/main/CONTRIBUTING_USING_GENAI.md) for these requirements.
14 changes: 5 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,7 @@ Credential Digger also offers a simple CLI to scan a repository. The CLI support

Refer to the [Wiki](https://github.com/SAP/credential-digger/wiki) for all the supported commands and their usage.


## Micosoft Visual Studio Plugin

VS Code extension for project "Credential Digger" is a free IDE extension that let you detect secrets and credentials in your code before they get leaked! Like a spell checker, the extension scans your files using the Credential Digger and highlights the secrets as you write code, so you can fix them before the code is even committed.
Expand All @@ -254,32 +255,27 @@ The VS Code extension can be donwloaded from the [Microsoft VS Code Marketplace]

![VSCODE](https://github.com/SAP/credential-digger/blob/main/github_assets/credential-digger-how-it-works.gif)


## pre-commit hook

Credential Digger can be used with the [pre-commit](https://pre-commit.com/) framework to scan staged files before each commit.

Please, refer to the [Wiki page of the pre-commit hook](https://github.com/SAP/credential-digger/wiki/pre-commit-hook) for further information on its installation and execution.

## CI/CD Pipeline Intergation on Piper

## CI/CD Pipeline Intergation on Piper (SAP Jenkins Library)

![Piper](https://github.com/SAP/credential-digger/blob/main/github_assets/piper.png)

Credential Digger is intergrated with the continuous delivery CI/CD pipeline [Piper](https://www.project-piper.io/) in order to automate secrets scans for your Github projects and repositories.
In order to activate the Credential Diggger Step please refer to this [Credential Digger step documentation for Piper](https://www.project-piper.io/steps/credentialdiggerScan/)

### How Piper works with Jenkins

- Once the step for credentialdigger is reached, its docker image is downloaded from the internal SAP registry. (A public instance will be avaialble soon)
- Jenkins runs this container and runs a scan using credentialdigger, based on the step configuration. Indeed, the step supports full scan of a repo, scan of a snapshot and scan of a pull request. It is also supporting orchestrators.
- The result of the scan (an excel file) is stored in Jenkins workspace as an output artifact
- Jenkins destroys the container after the scan

There is no need to deploy or install a Credential Digger instance !!

## Wiki

For further information, please refer to the [Wiki](https://github.com/SAP/credential-digger/wiki)


## Contributing

We invite your participation to the project through issues and pull requests. Please refer to the [Contributing guidelines](https://github.com/SAP/credential-digger/blob/main/CONTRIBUTING.md) for how to contribute.
Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = 'setuptools.build_meta'

[project]
name = 'credentialdigger'
version = '4.14.3'
version = '4.14.4'
dynamic = ['dependencies']
authors = [
{name = 'SAP SE'}
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ psycopg2-binary
PyGithub
python-dotenv
pyyaml
rich~=13.7
rich~=13.8
srsly>=2.4.0
tensorflow==2.17.0; python_version > "3.8"
tensorflow==2.13.1; python_version <= "3.8"
Expand Down
2 changes: 1 addition & 1 deletion tests/tests-requirements.txt
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
parameterized~=0.9.0
pytest~=8.3.1
pytest~=8.3.2

0 comments on commit b5fb0e5

Please sign in to comment.