From e092907c6a00de1681616d36d9b9321bd92ff535 Mon Sep 17 00:00:00 2001 From: George Thomas Date: Fri, 10 Jan 2025 12:23:57 -0800 Subject: [PATCH] Add .secrets.baseline --- .github/workflows/pypi.yaml | 2 +- .github/workflows/wool.yaml | 2 +- .secrets.baseline | 225 ++++++++++++++++++++++++++++++++++++ NOTICE | 2 +- README.md | 8 +- 5 files changed, 232 insertions(+), 7 deletions(-) create mode 100644 .secrets.baseline diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml index 3a27e8466..5a45f71e9 100644 --- a/.github/workflows/pypi.yaml +++ b/.github/workflows/pypi.yaml @@ -13,4 +13,4 @@ jobs: DO_TEST_PUBLISH_FIRST: true secrets: PYPI_TEST_API_TOKEN: ${{ secrets.PYPI_TEST_API_TOKEN }} - PYPI_PROD_API_TOKEN: ${{ secrets.PYPI_PROD_API_TOKEN }} \ No newline at end of file + PYPI_PROD_API_TOKEN: ${{ secrets.PYPI_PROD_API_TOKEN }} diff --git a/.github/workflows/wool.yaml b/.github/workflows/wool.yaml index eb9dbb49a..5219bb899 100644 --- a/.github/workflows/wool.yaml +++ b/.github/workflows/wool.yaml @@ -12,4 +12,4 @@ jobs: - uses: uc-cdis/wool@master env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 000000000..3492238e5 --- /dev/null +++ b/.secrets.baseline 
@@ -0,0 +1,225 @@ +{ + "version": "1.5.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TelegramBotTokenDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + 
"path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": { + ".github/workflows/ci.yml": [ + { + "type": "Secret Keyword", + "filename": ".github/workflows/ci.yml", + "hashed_secret": "3e26d6750975d678acb8fa35a0f69237881576b0", + "is_verified": false, + "line_number": 17 + } + ], + ".travis.yml": [ + { + "type": "Base64 High Entropy String", + "filename": ".travis.yml", + "hashed_secret": "a5550bd57663a78c1cd9ffd31148627d780a5e94", + "is_verified": false, + "line_number": 9 + }, + { + "type": "Base64 High Entropy String", + "filename": ".travis.yml", + "hashed_secret": "9367bab27f27511665862beae3dad6468998f4a5", + "is_verified": false, + "line_number": 10 + } + ], + "gdcdictionary/examples/valid/aligned_reads_index.json": [ + { + "type": "Hex High Entropy String", + "filename": "gdcdictionary/examples/valid/aligned_reads_index.json", + "hashed_secret": "a1ba33896d16eda8522e531edbaf3b625c1f4c31", + "is_verified": false, + "line_number": 6 + } + ], + "gdcdictionary/examples/valid/experimental_metadata.json": [ + { + "type": "Hex High Entropy String", + "filename": "gdcdictionary/examples/valid/experimental_metadata.json", + "hashed_secret": "daef34f66b6e909f3a22ffd063d48eb428067b6e", + "is_verified": false, + "line_number": 6 + } + ], + "gdcdictionary/examples/valid/slide_image.json": [ + { + "type": "Hex High Entropy String", + "filename": "gdcdictionary/examples/valid/slide_image.json", + "hashed_secret": "daef34f66b6e909f3a22ffd063d48eb428067b6e", + "is_verified": false, + "line_number": 6 + } + ], + "gdcdictionary/examples/valid/submitted_aligned_reads.json": [ + { + "type": "Hex High Entropy String", + "filename": "gdcdictionary/examples/valid/submitted_aligned_reads.json", + "hashed_secret": "e3f181b6b92d74e30d524d03029e785d0c7c7535", + "is_verified": false, + "line_number": 7 + } + ], + "gdcdictionary/examples/valid/submitted_copy_number.json": [ + { + "type": "Hex High Entropy String", + "filename": 
"gdcdictionary/examples/valid/submitted_copy_number.json", + "hashed_secret": "e3f181b6b92d74e30d524d03029e785d0c7c7535", + "is_verified": false, + "line_number": 6 + } + ], + "gdcdictionary/examples/valid/submitted_methylation.json": [ + { + "type": "Hex High Entropy String", + "filename": "gdcdictionary/examples/valid/submitted_methylation.json", + "hashed_secret": "e3f181b6b92d74e30d524d03029e785d0c7c7535", + "is_verified": false, + "line_number": 7 + } + ], + "gdcdictionary/examples/valid/submitted_somatic_mutation.json": [ + { + "type": "Hex High Entropy String", + "filename": "gdcdictionary/examples/valid/submitted_somatic_mutation.json", + "hashed_secret": "a1ba33896d16eda8522e531edbaf3b625c1f4c31", + "is_verified": false, + "line_number": 9 + } + ], + "gdcdictionary/examples/valid/submitted_unaligned_reads.json": [ + { + "type": "Hex High Entropy String", + "filename": "gdcdictionary/examples/valid/submitted_unaligned_reads.json", + "hashed_secret": "88e3a7adc1779a311467797f00d2edc5e9697d9c", + "is_verified": false, + "line_number": 7 + } + ] + }, + "generated_at": "2025-01-10T20:22:28Z" +} diff --git a/NOTICE b/NOTICE index e0b3f196b..696469d73 100644 --- a/NOTICE +++ b/NOTICE 
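Review bot: None of the eleven entries under `results` carries an `is_secret` label and every one has `"is_verified": false`, so the baseline records the findings without recording whether anyone judged them to be real. Once they are baselined, these locations will presumably no longer be reported by later scans. That matters most for the `Secret Keyword` hit at `.github/workflows/ci.yml` line 17 and the two `Base64 High Entropy String` hits at `.travis.yml` lines 9 and 10, because a live credential is more plausible in CI configuration than in the `gdcdictionary/examples/valid/*.json` fixtures. I would run `detect-secrets audit .secrets.baseline` and commit the labelled result, so that each entry carries for example `"is_secret": false`, and rotate anything the audit confirms as real before it is accepted here. The diffstat lists no hook or workflow step that scans against this file, so if one does not already exist elsewhere in the repository the baseline is not enforced by anything.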
@@ -1 +1 @@
-Copyright 2015 University of Chicago, Ontario Institute for Cancer Research Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Portions of this work, authored by University of Chicago and Ontario Institute for Cancer Research employees, was funded in whole or in part by National Cancer Institute, National Institutes of Health under U.S. Government contract HHSN261200800001E.
\ No newline at end of file
+Copyright 2015 University of Chicago, Ontario Institute for Cancer Research Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Portions of this work, authored by University of Chicago and Ontario Institute for Cancer Research employees, was funded in whole or in part by National Cancer Institute, National Institutes of Health under U.S. Government contract HHSN261200800001E.
diff --git a/README.md b/README.md
index 5be7bd6f9..279f7cc20 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,9 @@ The data dictionary provides the first level of validation for all data stored in and generated by the BPA. Written in YAML, JSON schemas define all the individual entities (nodes) in the data model. Moreover, these schemas define all of the relationships (links) between the nodes. Finally, the schemas define the valid key-value pairs that can be used to -describe the nodes. +describe the nodes. -## Data Dictionary Structure +## Data Dictionary Structure The Data Model covers all of the nodes within the as well as the relationships between the different types of nodes. All of the nodes in the data model are strongly typed and individually @@ -37,13 +37,13 @@ characterize the data they represent. Some properties are categorized as `requir If a submission lacks a required property, it cannot be accepted. Preferred properties can denote two things: the property is being highlighted as it has become more desired by the community or the property is being promoted to required. All properties not designated either `required` or -`preferred` are still sought by BPA, but submissions without them are allowed. +`preferred` are still sought by BPA, but submissions without them are allowed. The properties have further validation through their entries. Legal values are defined in each property. For the most part these are represented in the `enum` categories although some keys, such as `submitter_id`, will allow any string value as a valid entry. Other numeric properties can have maximum and minimum values to limit valid entries. For examples of what a valid entry -would look like, each node has a mock submission located in the `examples/valid/` directory. +would look like, each node has a mock submission located in the `examples/valid/` directory. ## Contributing