From 0ba197d1bb2cc5dfaa11e544a78c2f370570af07 Mon Sep 17 00:00:00 2001 From: ingyhere Date: Tue, 19 Mar 2024 00:12:48 -0700 Subject: [PATCH] Issue #110: Edit text with updates. Added current Python Starter Kit template to explanation. ... Minor edits. --- .../software-lifecycle/security/secrets-detection/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/software-lifecycle/security/secrets-detection/README.md b/docs/guides/software-lifecycle/security/secrets-detection/README.md index efd69b88c..8bbc57fa0 100644 --- a/docs/guides/software-lifecycle/security/secrets-detection/README.md +++ b/docs/guides/software-lifecycle/security/secrets-detection/README.md 
@@ -4,7 +4,7 @@ ## Introduction -**Background**: Sensitive information like API keys, passwords or tokens may inadvertently be committed to your repository. Such slip-ups can pose significant security risks. We recommend not only recurring scans for sensitive information, but proactively preventing sensitive information from getting infused. To support these goals, we recommend a tool called [detect-secrets](https://github.com/Yelp/detect-secrets) that mitigates these risks. It scans for common sensitive information categories like passwords and other high-entropy values that contain sensitive data. It also provides a plugin system to support additional customization. It's fast for use in continuous integration pipelines and quickly executes on local-developer machines. It has a "baseline file" approach, leveraging `.secrets.baseline`, that streamlines management of legitimate secrets and reduces false positives. This helps both new and established projects detect and prevent secrets getting from entering the code base. +**Background**: Sensitive information like API keys, passwords or tokens may inadvertently be committed to your repository. Such slip-ups can pose significant security risks. We recommend not only recurring scans for sensitive information, but proactively preventing sensitive information from getting infused. To support these goals, we recommend a tool called [detect-secrets](https://github.com/Yelp/detect-secrets) that mitigates these risks. It scans for common sensitive information categories like passwords and other high-entropy values that contain sensitive data. It also provides a plugin system to support additional customization. It's fast for use in continuous integration pipelines and quickly executes on local-developer machines. It uses a "baseline file" approach, leveraging `.secrets.baseline`, that streamlines management of legitimate secrets and reduces false positives. 
This helps both new and established projects detect and prevent secrets from entering the code base. **Use Cases**: - Finding and preventing commits of sensitive information such as:
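Review bot: The commit subject says "Added current Python Starter Kit template to explanation", but this hunk (1 insertion, 1 deletion) only reworks wording in the Background paragraph: "It has a 'baseline file' approach" becomes "It uses a 'baseline file' approach", and the garbled "prevent secrets getting from entering the code base" is corrected to "prevent secrets from entering the code base"; either the subject line should describe the copy edit actually made here, or the template change it announces is missing from the patch. While touching this paragraph, the phrase "proactively preventing sensitive information from getting infused" is still awkward in the new line and would read more clearly as "proactively preventing sensitive information from being committed in the first place", which also matches the pre-commit intent of the detect-secrets baseline approach the paragraph describes.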