From 79dde59c407a0cfa30a100c72bd0727a92dfef29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 21:29:27 +0000 Subject: [PATCH 1/5] Update pytest requirement from ~=8.3.1 to ~=8.3.2 Updates the requirements on [pytest](https://github.com/pytest-dev/pytest) to permit the latest version. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/8.3.1...8.3.2) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- tests/tests-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests-requirements.txt b/tests/tests-requirements.txt index 4e2e7fd6..a7f1850d 100644 --- a/tests/tests-requirements.txt +++ b/tests/tests-requirements.txt @@ -1,2 +1,2 @@ parameterized~=0.9.0 -pytest~=8.3.1 \ No newline at end of file +pytest~=8.3.2 \ No newline at end of file From 3e421edbe4e62e275af4c78997be089fc859cd58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 21:41:16 +0000 Subject: [PATCH 2/5] Update rich requirement from ~=13.7 to ~=13.8 Updates the requirements on [rich](https://github.com/Textualize/rich) to permit the latest version. - [Release notes](https://github.com/Textualize/rich/releases) - [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md) - [Commits](https://github.com/Textualize/rich/compare/v13.7.0...v13.8.0) --- updated-dependencies: - dependency-name: rich dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 41df5f62..bf25f03c 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -9,7 +9,7 @@ psycopg2-binary PyGithub python-dotenv pyyaml -rich~=13.7 +rich~=13.8 srsly>=2.4.0 tensorflow==2.17.0; python_version > "3.8" tensorflow==2.13.1; python_version <= "3.8" From 43c67515eebd73fc8c235d1a6b5b05af8e2c768c Mon Sep 17 00:00:00 2001 From: Marco Rosa Date: Tue, 10 Sep 2024 09:17:03 +0200 Subject: [PATCH 3/5] Reference genAI code contribution guidelines --- CONTRIBUTING.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 19d649b5..c4bea946 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -69,3 +69,10 @@ Due to legal reasons, contributors will be asked to accept a DCO before they submit the first pull request to this projects, this happens in an automated fashion during the submission process. SAP uses [the standard DCO text of the Linux Foundation](https://developercertificate.org/). + + +### Contributing with AI-generated code + +As artificial intelligence evolves, AI-generated code is becoming valuable for many software projects, including open-source initiatives. While we recognize the potential benefits of incorporating AI-generated content into our open-source projects there a certain requirements that need to be reflected and adhered to when making contributions. + +Please see SAP's [guideline for AI-generated code contributions to SAP Open Source Software Projects](https://github.com/SAP/.github/blob/main/CONTRIBUTING_USING_GENAI.md) for these requirements. From 7549a8418f1c39f138e34832270ba8d61df9fea8 Mon Sep 17 00:00:00 2001 From: Marco Rosa Date: Tue, 10 Sep 2024 09:33:25 +0200 Subject: [PATCH 4/5] Update piper section in README --- README.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 8f49118b..43af0957 100644 --- a/README.md +++ b/README.md 
@@ -246,6 +246,7 @@ Credential Digger also offers a simple CLI to scan a repository. The CLI support Refer to the [Wiki](https://github.com/SAP/credential-digger/wiki) for all the supported commands and their usage. + ## Micosoft Visual Studio Plugin VS Code extension for project "Credential Digger" is a free IDE extension that let you detect secrets and credentials in your code before they get leaked! Like a spell checker, the extension scans your files using the Credential Digger and highlights the secrets as you write code, so you can fix them before the code is even committed. 
@@ -254,32 +255,27 @@ The VS Code extension can be donwloaded from the [Microsoft VS Code Marketplace] ![VSCODE](https://github.com/SAP/credential-digger/blob/main/github_assets/credential-digger-how-it-works.gif) + ## pre-commit hook Credential Digger can be used with the [pre-commit](https://pre-commit.com/) framework to scan staged files before each commit. Please, refer to the [Wiki page of the pre-commit hook](https://github.com/SAP/credential-digger/wiki/pre-commit-hook) for further information on its installation and execution. -## CI/CD Pipeline Intergation on Piper + +## CI/CD Pipeline Intergation on Piper (SAP Jenkins Library) ![Piper](https://github.com/SAP/credential-digger/blob/main/github_assets/piper.png) Credential Digger is intergrated with the continuous delivery CI/CD pipeline [Piper](https://www.project-piper.io/) in order to automate secrets scans for your Github projects and repositories. In order to activate the Credential Diggger Step please refer to this [Credential Digger step documentation for Piper](https://www.project-piper.io/steps/credentialdiggerScan/) -### How Piper works with Jenkins - -- Once the step for credentialdigger is reached, its docker image is downloaded from the internal SAP registry. (A public instance will be avaialble soon) -- Jenkins runs this container and runs a scan using credentialdigger, based on the step configuration. Indeed, the step supports full scan of a repo, scan of a snapshot and scan of a pull request. It is also supporting orchestrators. -- The result of the scan (an excel file) is stored in Jenkins workspace as an output artifact -- Jenkins destroys the container after the scan - -There is no need to deploy or install a Credential Digger instance !! ## Wiki For further information, please refer to the [Wiki](https://github.com/SAP/credential-digger/wiki) + ## Contributing We invite your participation to the project through issues and pull requests. 
Please refer to the [Contributing guidelines](https://github.com/SAP/credential-digger/blob/main/CONTRIBUTING.md) for how to contribute. From 6885a7ea71ec8b80c4cec2b98cf4c2db433b18ef Mon Sep 17 00:00:00 2001 From: Marco Rosa Date: Tue, 10 Sep 2024 09:34:32 +0200 Subject: [PATCH 5/5] Update package version --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 8353068d..fbef0665 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = 'setuptools.build_meta' [project] name = 'credentialdigger' -version = '4.14.3' +version = '4.14.4' dynamic = ['dependencies'] authors = [ {name = 'SAP SE'}
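Review bot: in [PATCH 1/5], the `+pytest~=8.3.2` line in tests/tests-requirements.txt is still followed by `\ No newline at end of file`. Add the trailing newline so that the next entry appended to this file shows up as a one-line diff. Note also that `~=8.3.1` already admitted 8.3.2, so the change only raises the minimum version.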
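Review bot: in [PATCH 2/5], the `rich~=13.8` line in requirements.txt only raises the floor, because `~=13.7` already allowed 13.8; the commit message should say whether anything in 13.8 is actually required, since installs holding 13.7.x are now excluded. The context lines of the same hunk show `psycopg2-binary`, `PyGithub`, `python-dotenv` and `pyyaml` with no version bound next to exact `tensorflow==` pins; consider bounding those as well, or adding a constraints file, so installs are reproducible.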
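Review bot: in [PATCH 3/5], the first paragraph added under `### Contributing with AI-generated code` in CONTRIBUTING.md reads "there a certain requirements"; it should be "there are certain requirements", with a comma after "open-source projects" to close the "While ..." clause.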
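Review bot: in [PATCH 4/5], the README.md hunk at `@@ -246,6 +246,7 @@` changes only the spacing above `## Micosoft Visual Studio Plugin` and leaves the heading misspelled. Correct "Micosoft" to "Microsoft" in the same commit, and mention the spacing changes in the commit message, which currently names only the Piper section.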
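Review bot: in [PATCH 4/5], the README.md hunk at `@@ -254,32 +255,27 @@` deletes the whole `### How Piper works with Jenkins` list, including the statement that the scan result (an excel file) is stored in the Jenkins workspace as an output artifact and that the container is destroyed after the scan. That list told operators where the findings of a secrets scan end up, so either keep one sentence on it or confirm that the linked credentialdiggerScan step documentation covers it. The heading rewritten in the same hunk still says "Intergation"; change it to "Integration" while the line is being edited.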
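Review bot: in [PATCH 5/5], the `version = '4.14.4'` bump in pyproject.toml has a commit message that does not say what the release contains. The hunk shows `dynamic = ['dependencies']`, so the dependency list is resolved at build time; if it is read from requirements.txt (an assumption, the hunk does not show the source), the `rich~=13.8` floor from [PATCH 2/5] ships with this version and should be called out in the release notes.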