git-scan issue FILE_IGNORED multiple directory

Mani Bala January 8, 2024
- pipe: atlassian/git-secrets-scan:1.4.0
  variables:
    FILES_IGNORED: '*.DotSettings *Mocks.cs'

I need to ignore multiple files as part of the scan. It seems like only one file extension, *.DotSettings, is getting ignored while the other is not getting ignored.
How do I make sure that both of my files are getting ignored?
Should I have to mention the complete path or file names here?

Answer accepted
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 9, 2024

Hi Mani,

If you are trying to ignore both the .DotSettings and .cs extensions, please try the following format:

  • '*.DotSettings *.cs'

If you are ignoring specific files you only need the file names themselves rather than the path locations:

  • 'example.DotSettings Mocks.cs'

Please try this for me and let me know how it goes.

Cheers!

- Ben (Bitbucket Cloud Support)

Mani Bala January 14, 2024

Hi Ben,

Thanks for the reply. There are a few settings I have: I have key strings and secrets, username, passwords, connection strings for the DB. Do you have a regular expression which would actually scan through all of them? I am using the regular expression provided by the manual pages, CUSTOM_ARGS, but somehow I don't have the confidence that it scans through completely. Do you have any solution for that?

Or is there any other better tool you recommend from Atlassian, or the Marketplace, to do that, which does not require paying a license fee?

Thanks

Mani

Ben
Atlassian Team
January 15, 2024

Hi Mani,

I'd suggest looking into glob patterns or using a generator tool for Regular Expressions to match your needs, for example:

There is not another Atlassian-supported tool, unfortunately, that handles this. I cannot find anything in Marketplace either (the only ones I did find were for Bitbucket Server only). You could use something such as a python script to handle this, for example:

Hope this helps.

Cheers!

- Ben (Bitbucket Cloud Support)

Mani Bala January 28, 2024
Hi Ben,

Below is the script, and I modified it as per your recommendations. I gave both the wildcard as well as the full file names (without the path).

steps:
  - step: &scanSecrets
      name: Scan for Secrets
      script:
        - pipe: atlassian/git-secrets-scan:1.5.0
          variables:
            FILES_IGNORED: '*.cer'
            CUSTOM_PATTERN_ARGS: ['^R_[0-9a-f]{32}$', '^[0-9a-zA-Z]{64}$']


I get an error:

INFO: Found security credentials:
identityserv_testing.cer:3
INFO: {'external_id': 'ca07b631-f81e-4ba7-9d91-5592d8d2bc08', 'uuid': '{fd579f37-a157-50be-8f34-29e77c1124dd}', 'report': {'uuid': '{84c79fe2-acda-59e4-9aec-bc0f765a581b}', 'title': 'Git secrets scan', 'details': 'Sensitive data has been discovered in your code by git-secrets-scan.', 'external_id': 'git-secrets-scan-report-878beb0736d5b63ffe9095a27148465458a59247', 'reporter': 'Created by git-secrets-scan pipe.', 'created_by': {'type': 'user', 'uuid': '{cf8600d3-fa68-40b4-9795-174c24e1f8f7}'}, 'report_type': 'BUG', 'result': 'FAILED', 'remote_link_enabled': False, 'data': [], 'created_on': '2024-01-28T10:53:01.333321Z', 'updated_on': '2024-01-28T10:53:01.333321Z', 'type': 'report'}, 'annotation_type': 'VULNERABILITY', 'path': 'IdentityServer.UnitTests/identityserv_testing.cer', 'line': 16, 'summary': 'Credentials found in code.', 'result': 'FAILED', 'severity': 'HIGH', 'created_on': '2024-01-28T10:53:04.335523Z', 'updated_on': '2024-01-28T10:53:04.335523Z'}


and it fails. It seems like FILES_IGNORED is not considering the files. So what should be the best approach to skip this file? I also tried giving the full file name as

FILES_IGNORED: 'identityserv_testing.cer'

and even that does not work. Am I doing something wrong?

What is the best approach?
Ben
Atlassian Team
January 28, 2024

Hi @Mani Bala,

I will reach out to you on the support ticket you have just logged; I will be getting in touch with a developer of that pipe for further assistance.

Cheers!

- Ben (Bitbucket Cloud Support)

Igor Stoyanov
Atlassian Team
January 29, 2024

@Mani Bala hi.

The problem is that your secret is under the subfolder IdentityServer.UnitTests, so the pipe with the provided configuration `FILES_IGNORED: '*.cer'` does not exclude your secrets file from this subfolder.

To make it work, choose one of the options:

1. Direct path to the file:

- pipe: atlassian/git-secrets-scan:1.5.0
  variables:
    FILES_IGNORED: 'IdentityServer.UnitTests/identityserv_testing.cer'

2. Option with wildcards:

- pipe: atlassian/git-secrets-scan:1.5.0
  variables:
    FILES_IGNORED: '**/*.cer'

cc: @Ben.

Regards, Igor
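As an added example (not code from the thread, and not the git-secrets-scan pipe's own implementation), the Python script below does what Ben's "python script" suggestion and Igor's answer describe: it applies FILES_IGNORED as shell-style globs, shows why '*.cer' still reports the .cer file under IdentityServer.UnitTests while '**/*.cer' skips it, and runs the CUSTOM_PATTERN_ARGS regexes from the thread over the remaining files. The file tree and its contents are constructed, and Python's pathlib glob semantics are assumed to match the pipe's.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample tree (hypothetical contents, not from the thread): a .cer at
# top level, one under the thread's subfolder, and a C# file with a key mid-line.
SAMPLE_TREE = {
    "top.cer": "R_" + "0123456789abcdef" * 2 + "\n",
    "IdentityServer.UnitTests/identityserv_testing.cer": "R_" + "a" * 32 + "\n",
    "src/Config.cs": 'var key = "' + "Z" * 64 + '";\n',
}
# The CUSTOM_PATTERN_ARGS from the thread, compiled exactly as written.
PATTERNS = [re.compile(p) for p in (r"^R_[0-9a-f]{32}$", r"^[0-9a-zA-Z]{64}$")]

def write_sample_tree(root: Path) -> None:
    for rel, text in SAMPLE_TREE.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def ignored_files(root: Path, files_ignored: str) -> set:
    """Expand FILES_IGNORED globs; '*.cer' is top level only, '**/*.cer' recurses."""
    skip = set()
    for pattern in files_ignored.split():
        for hit in root.glob(pattern):  # pathlib treats '**' as recursive
            if hit.is_file():
                skip.add(hit.relative_to(root).as_posix())
    return skip

def scan(root: Path, files_ignored: str) -> list:
    """Return (relative path, line number) for each line a pattern matches."""
    skip = ignored_files(root, files_ignored)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel in skip:
            continue
        for lineno, line in enumerate(path.read_text().splitlines(), start=1):
            # The ^...$ anchors mean a key embedded mid-line (Config.cs) is missed.
            if any(p.search(line) for p in PATTERNS):
                findings.append((rel, lineno))
    return findings

def demo() -> dict:
    """Scan the same tree with both FILES_IGNORED values from the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_sample_tree(root)
        return {fi: scan(root, fi) for fi in ("*.cer", "**/*.cer")}
```

The anchored patterns only match lines that consist entirely of the token, so the key inside Config.cs goes unreported; that gap is worth checking when judging whether a scan "scans through completely".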
