-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/py-detect-secrets/Makefile | 23 | ||||
-rw-r--r-- | security/py-detect-secrets/distinfo | 3 | ||||
-rw-r--r-- | security/py-detect-secrets/pkg-descr | 20 |
4 files changed, 47 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index d277abd90f4d..a45a92d6d43a 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -883,6 +883,7 @@
 SUBDIR += py-cryptography-vectors
 SUBDIR += py-ctypescrypto
 SUBDIR += py-cybox
+ SUBDIR += py-detect-secrets
 SUBDIR += py-dfdatetime
 SUBDIR += py-dfvfs
 SUBDIR += py-dfwinreg
diff --git a/security/py-detect-secrets/Makefile b/security/py-detect-secrets/Makefile
new file mode 100644
index 000000000000..73cc35efb8e3
--- /dev/null
+++ b/security/py-detect-secrets/Makefile
@@ -0,0 +1,23 @@
+PORTNAME= detect-secrets
+PORTVERSION= 1.4.0
+CATEGORIES= security python
+MASTER_SITES= PYPI
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+DISTNAME= detect_secrets-${PORTVERSION}
+
+MAINTAINER= sunpoet@FreeBSD.org
+COMMENT= Tool for detecting secrets in the codebase
+WWW= https://github.com/Yelp/detect-secrets
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yaml>=0:devel/py-yaml@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR}
+
+USES= python:3.7+
+USE_PYTHON= autoplist concurrent distutils
+
+NO_ARCH= yes
+
+.include <bsd.port.mk>
diff --git a/security/py-detect-secrets/distinfo b/security/py-detect-secrets/distinfo
new file mode 100644
index 000000000000..bb19926aafda
--- /dev/null
+++ b/security/py-detect-secrets/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1679498504
+SHA256 (detect_secrets-1.4.0.tar.gz) = d56787e339758cef48c9ccd6692f7a094b9963c979c9813580b0169e41132833
+SIZE (detect_secrets-1.4.0.tar.gz) = 94954
diff --git a/security/py-detect-secrets/pkg-descr b/security/py-detect-secrets/pkg-descr
new file mode 100644
index 000000000000..4d4944d57bba
--- /dev/null
+++ b/security/py-detect-secrets/pkg-descr
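Review bot: The `RUN_DEPENDS` entry for `www/py-requests` in `security/py-detect-secrets/Makefile` pulls in an HTTP client for a scanner whose input is secret material, and nothing in the port tells the user why. As far as I recall from upstream's documentation, detect-secrets uses it to verify candidate secrets with network calls to the matching services unless a scan is run with `--no-verify`, so a default scan may send candidate secret values off the host; please confirm against the 1.4.0 sources. If that holds, I would add a `pkg-message` (or a closing sentence in `pkg-descr`) along the lines of `Scans verify candidate secrets over the network by default; pass --no-verify to keep a scan offline.`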
@@ -0,0 +1,20 @@
+detect-secrets is an aptly named module for (surprise, surprise) detecting
+secrets within a code base.
+
+However, unlike other similar packages that solely focus on finding secrets,
+this package is designed with the enterprise client in mind: providing a
+backwards compatible, systematic means of:
+ 1. Preventing new secrets from entering the code base,
+ 2. Detecting if such preventions are explicitly bypassed, and
+ 3. Providing a checklist of secrets to roll, and migrate off to a more secure
+ storage.
+
+This way, you create a separation of concern: accepting that there may currently
+be secrets hiding in your large repository (this is what we refer to as a
+baseline), but preventing this issue from getting any larger, without dealing
+with the potentially gargantuan effort of moving existing secrets away.
+
+It does this by running periodic diff outputs against heuristically crafted
+regex statements, to identify whether any new secret has been committed. This
+way, it avoids the overhead of digging through all git history, as well as the
+need to scan the entire repository every time. |