Squealer

Telling tales on you for leaking secrets!

Squealer scans a local git repository for secrets that are being leaked deep within the commit history.

The built-in configuration has the following checks:

AWS

  • access key id
  • access secret key

Github

  • github token

Slack

  • slack token OAUTH
  • webhook url

Other

  • Asymmetric Private Key

Sometimes secrets get committed to our projects; generally we can invalidate them and move on. If Squealer is telling tales about a secret that you are already aware of and have mitigated, you can use the exception rule printed in the output to register it as ignored.

Installation

curl -s "https://raw.githubusercontent.com/owenrumney/squealer/main/scripts/install.sh" | bash

Usage

Squealer is intended to be run either locally or as part of a CI process.

./squealer --help
Telling tales on your secret leaking

Usage:
  squealer [flags]

Flags:
      --concise                Reduced output.
      --config-file string     Path to the config file with the rules.
      --debug                  Include debug output.
      --everything             Scan all commits.... everywhere.
      --from-hash string       The hash to work back to from the starting hash.
  -h, --help                   help for squealer
      --no-git                 Scan as a directory rather than a git history.
      --output-format string   The format that the output should come in (default, json, sarif.
      --redacted               Display the results redacted.
      --to-hash string         The most recent hash to start with.

Config File

rules:
- rule: (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
  description: Check for AWS Access Key Id
- rule: (?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]
  description: Check for AWS Secret Access Key
- rule: (?i)github[_\-\.]?token[\s:,="\]']+?(?-i)[0-9a-zA-Z]{35,40}
  description: Check for Github Token
- rule: https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}
  description: Check for Slack webhook
- rule: xox[baprs]-([0-9a-zA-Z]{10,48})?
  description: Check for Slack token
- rule: '-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'
  description: Check for Private Asymmetric Key
ignore_paths:
- vendor
- node_modules
ignore_extensions:
- .zip
- .png
- .jpg
- .pdf
- .xls
- .doc
- .docx
exceptions:
- exception: release/update.go:D2IDetI6aidl58GE6dv5uAaWmXM=
  reason: This is a webhook that we got rid of - can be ignored in this file

Config breakdown

The config file is made up of the rules, ignore_paths, ignore_extensions and exceptions.

rules

Rules define the regular expression that is used to detect the secret. Requires a description for posterity.

ignore_paths

Ignore paths are folders that you don't want to look in - generally vendor and the like.

ignore_extensions

Ignore extensions have the file types that won't be scanned. Binaries are automatically ignored.

exceptions

Exceptions are the entries that you've already handled and don't want to be reported any more.

Example Output

INFO[0000] Using a git scanner to process ../../tfsec/tfsec
INFO[0000] starting at hash 3bd04e7e17f2aad9e5f38826d88325798534a289

Content:      | access_key = "AKIAABCD12ABCDEF1ABC"
Filename:     | internal/app/tfsec/checks/aws044.go
Line No:      | 21
Secret Hash:  | bcE9jU2WV11OYs63eGHPZf1l9v8=
Commit:       | 4e68e1c5b3bc66982e4b7e6c5cc1c1642c87f83d
Committer:    | GitHub ([email protected])
Committed:    | 2020-10-21 21:59:22 +0100 +0100
Exclude rule: | internal/app/tfsec/checks/aws044.go:bcE9jU2WV11OYs63eGHPZf1l9v8=

Content:      | access_key = "AKIAABCD12ABCDEF1ABC"
Filename:     | docs-website/docs/aws/AWS044.md
Line No:      | 26
Secret Hash:  | bcE9jU2WV11OYs63eGHPZf1l9v8=
Commit:       | 8a7715f2cf5a2ac74a1e186792c476fd52ee1474
Committer:    | Owen Rumney ([email protected])
Committed:    | 2021-01-24 19:04:27 +0000 +0000
Exclude rule: | docs-website/docs/aws/AWS044.md:bcE9jU2WV11OYs63eGHPZf1l9v8=

Processing:
  duration:     2.99s
  commits:      503
  commit files: 4095

transgressionMap:
  identified:   6
  ignored:      0
  reported:     2

INFO[0002] Exit code: 1

It's worth noting that these are known findings because they're examples in the tfsec documentation. I can add them to the config.yaml as exceptions by using the Exclude rule shown in the output.

Credits

Image by Derangedmisfit

Releases: v0.2.28

Owner: Owen Rumney