NimTechnology

Explaining CLOUD technologies in an easy-to-understand way.


[Talisman/DevSecOps] Discover the sensitive information in your code.

Posted on March 28, 2023 (updated May 27, 2023) by nim

Contents

  • Git Hooks and Talisman Introduction
  • HandsOn – Talisman
  • Run talisman on Github Action.

Git Hooks and Talisman Introduction

HandsOn – Talisman

First, look at the hooks already present in the repository on your laptop.

ls -ltr .git/hooks/

Install Talisman on your machine.

You will see that a pre-push hook has been added to the git hooks directory.

You can also set up the scan to run on commit.

When you run a commit, Talisman scans the repository before the commit is accepted.

root@controlplane kubernetes-devops-security on  master [?] is 📦 v0.0.1 via ☕ v11.0.16 ➜  git add .

root@controlplane kubernetes-devops-security on  master [+] is 📦 v0.0.1 via ☕ v11.0.16 ➜  git commit -m "Hoc DevSecOps"
Talisman Scan: 12 / 12 <------------------------------------------------------------------------------------------------------------------------------------------------------------------> 100.00%  

Talisman Report:
+-----------------+------------------------------------------------------+----------+
|      FILE       |                        ERRORS                        | SEVERITY |
+-----------------+------------------------------------------------------+----------+
| public/access   | Expected file to not to contain                      | high     |
|                 | base64 encoded texts such as:                        |          |
|                 | base64encodedsecret=cGFzc3dvcmQtaXMtcXdlcnR5MTI...   |          |
+-----------------+------------------------------------------------------+----------+
| public/access   | Potential secret pattern :                           | low      |
|                 | base64encodedsecret=cGFzc3dvcmQtaXMtcXdlcnR5MTIzCg== |          |
|                 |                                                      |          |
+-----------------+------------------------------------------------------+----------+
| public/access   | Potential secret pattern :                           | low      |
|                 | aws_access_key_id=VYEN23LCJGLTDPMSWQAL               |          |
|                 |                                                      |          |
+-----------------+------------------------------------------------------+----------+
| public/access   | Potential secret pattern :                           | high     |
|                 | aws_access_key_id=                                   |          |
+-----------------+------------------------------------------------------+----------+
| public/info.txt | Potential secret pattern :                           | low      |
|                 | apikey=AizaSyCqhjgrPtr_La56sdUkjfav_laCqhjgrPtr_2s   |          |
|                 |                                                      |          |
+-----------------+------------------------------------------------------+----------+


If you are absolutely sure that you want to ignore the above files from talisman detectors, consider pasting the following format in .talismanrc file in the project root

fileignoreconfig:
- filename: public/access
  checksum: d1ae8eb1f6393e04794a7b2b2eaf827e7d023465a60a1fbf0306957a8c0f59af
- filename: public/info.txt
  checksum: 6243a12e75e189f4e89626324b2234cd4f63c25d3779212145e37c6f1e7a8138
version: ""

Talisman done in 55.523949ms
root@controlplane kubernetes-devops-security on  master [!+] is 📦 v0.0.1 via ☕ v11.0.16 ✖ git add .

root@controlplane kubernetes-devops-security on  master [+] is 📦 v0.0.1 via ☕ v11.0.16 ➜  git commit -m "Hoc DevSecOps v2"
Talisman Scan: 12 / 12 <------------------------------------------------------------------------------------------------------------------------------------------------------------------> 100.00%  

Talisman Report:
+-----------------+----------------------------------------------------+----------+
|      FILE       |                       ERRORS                       | SEVERITY |
+-----------------+----------------------------------------------------+----------+
| public/info.txt | Potential secret pattern :                         | low      |
|                 | apikey=AizaSyCqhjgrPtr_La56sdUkjfav_laCqhjgrPtr_2s |          |
|                 |                                                    |          |
+-----------------+----------------------------------------------------+----------+


If you are absolutely sure that you want to ignore the above files from talisman detectors, consider pasting the following format in .talismanrc file in the project root

fileignoreconfig:
- filename: public/info.txt
  checksum: 6243a12e75e189f4e89626324b2234cd4f63c25d3779212145e37c6f1e7a8138
version: ""

Talisman done in 15.157062ms
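To make the session above easier to read, here is an added example (written for this page, not Talisman's own code) that models the two detectors in the report, "base64 encoded texts" and "Potential secret pattern", and the checksum-based ignore that the suggested .talismanrc relies on. The sample files are constructed from the values in the report; the list of sensitive key names is a constructed subset of what Talisman really matches, and the assumption that the .talismanrc checksum is the SHA-256 of the file contents is marked in the code.

```python
"""Simplified stand-in for the Talisman checks shown in the report above.

Models two detectors (base64-encoded text, potential secret pattern) and the
.talismanrc fileignoreconfig, where a file is skipped only while its checksum
still matches. Added example code, not Talisman's implementation.
"""
from __future__ import annotations

import base64
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Key names treated as sensitive when they appear as `key=value` or `key: value`.
# Constructed from the keys in the report above; Talisman's real pattern list is larger.
SECRET_KEY_RE = re.compile(
    r"(?i)\b([a-z0-9_]*(?:secret|password|passwd|token|api_?key|access_key)[a-z0-9_]*)\s*[=:]\s*(\S+)"
)
# A run of base64 alphabet at least 20 chars long plus optional padding, not glued to a longer token.
BASE64_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{20,}={0,2}(?![A-Za-z0-9+/])")


@dataclass(frozen=True)
class Finding:
    filename: str
    error: str
    severity: str


def looks_like_base64(token: str) -> bool:
    """Strict decode plus a mixed-case heuristic so hex digests and all-caps IDs are not flagged."""
    try:
        base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return any(c.islower() for c in token) and any(c.isupper() for c in token)


def scan_file(filename: str, data: bytes) -> list[Finding]:
    """Run both detectors over every line of one file, in report order."""
    findings: list[Finding] = []
    for line in data.decode("utf-8", errors="replace").splitlines():
        for m in SECRET_KEY_RE.finditer(line):
            findings.append(Finding(filename, f"Potential secret pattern : {m.group(1)}={m.group(2)}", "low"))
        for m in BASE64_RE.finditer(line):
            if looks_like_base64(m.group(0)):
                findings.append(Finding(
                    filename,
                    f"Expected file to not to contain base64 encoded texts such as: {m.group(0)[:40]}...",
                    "high",
                ))
    return findings


def file_checksum(data: bytes) -> str:
    """Assumed to match the .talismanrc checksum: SHA-256 hex digest of the file contents."""
    return hashlib.sha256(data).hexdigest()


def scan_repo(files: dict[str, bytes], ignore_config: Optional[dict] = None) -> list[Finding]:
    """Scan every file; a file is skipped only if its fileignoreconfig checksum still matches."""
    ignored = {e["filename"]: e["checksum"] for e in (ignore_config or {}).get("fileignoreconfig", [])}
    findings: list[Finding] = []
    for filename, data in files.items():
        if ignored.get(filename) == file_checksum(data):
            continue  # unchanged since it was reviewed and whitelisted; any edit re-enables the scan
        findings.extend(scan_file(filename, data))
    return findings


def suggest_talismanrc(findings: list[Finding], files: dict[str, bytes]) -> str:
    """Render the fileignoreconfig snippet Talisman prints for the flagged files."""
    flagged = [name for name in files if any(f.filename == name for f in findings)]
    lines = ["fileignoreconfig:"]
    for name in flagged:
        lines += [f"- filename: {name}", f"  checksum: {file_checksum(files[name])}"]
    lines.append('version: ""')
    return "\n".join(lines) + "\n"


# Constructed sample repository using the values from the report above.
SAMPLE_FILES = {
    "public/access": (b"base64encodedsecret=cGFzc3dvcmQtaXMtcXdlcnR5MTIzCg==\n"
                      b"aws_access_key_id=VYEN23LCJGLTDPMSWQAL\n"),
    "public/info.txt": b"apikey=AizaSyCqhjgrPtr_La56sdUkjfav_laCqhjgrPtr_2s\n",
    "README.md": b"# kubernetes-devops-security\nNothing sensitive here.\n",
}

if __name__ == "__main__":
    report = scan_repo(SAMPLE_FILES)
    for f in report:
        print(f"{f.filename:16} {f.severity:5} {f.error}")
    print(suggest_talismanrc(report, SAMPLE_FILES))
```

The point of the checksum: pasting the suggested entry into .talismanrc silences the finding only for the exact file contents you reviewed. The AWS key in the sample is not reported as base64 because it decodes but has no lower-case letters, which is the same distinction the real report makes between the two lines of public/access.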


Run the command:
https://praveen-alex-mathew.medium.com/running-talisman-cli-in-the-gitlab-ci-servers-29f15af7b1c7
https://www.digitalocean.com/community/tutorials/python-simplehttpserver-http-server

talisman --scan --ignoreHistory

Run talisman on Github Action.

https://github.com/carhartl/talisman-secrets-scan-action/blob/main/Dockerfile

Copyright © 2023 NimTechnology.