scan for secrets

.github/workflows/devsecops.yml

@@ -62,6 +62,10 @@ jobs:
         pip-licenses --format=json > licenses.json
         ./scripts/run-license-compliance.sh
 
+    - name: Scan for Secrets with Trufflehog
+      run: |
+        trufflehog .
+
       
       
 

report.json

@@ -0,0 +1,21 @@
+[
+  {
+    "rule": {
+      "id": "high-entropy",
+      "message": "High Entropy",
+      "severity": "MEDIUM"
+    },
+    "path": ".env",
+    "line": "2",
+    "secret": "KEY=ZGphbmduevLWluc2VjdXJlLWlnIXN6OXMlJG80Z24mQHJwb0BxcCNybiQtIT09YmI5aGMjaXB0bF5pIylhajI0dHJx",
+    "context": {
+      "2": "SECRET_KEY=ZGphbmduevLWluc2VjdXJlLWlnIXN6OXMlJG80Z24mQHJwb0BxcCNybiQtIT09YmI5aGMjaXB0bF5pIylhajI0dHJx"
+    },
+    "id": "01a5def8-83e4-3374-8547-2a3da92e8db3",
+    "branch": null,
+    "message": null,
+    "author": null,
+    "commit": null,
+    "date": null
+  }
+]

requirements.txt

@@ -1,5 +1,5 @@
 asgiref==3.6.0
-attrs==23.1.0
+attrs==20.3.0
 backports.zoneinfo==0.2.1
 beautifultable==1.1.0
 black==23.3.0
@@ -14,19 +14,25 @@ docopt==0.6.2
 drf-spectacular==0.26.2
 Faker==18.10.0
 flake8==7.0.0
+gitdb==4.0.11
+GitPython==3.1.41
 gunicorn==21.2.0
 importlib-resources==5.12.0
 inflection==0.5.1
 isort==5.12.0
+Jinja2==3.1.3
 json2html==1.3.0
 jsonschema==4.17.3
+MarkupSafe==2.1.5
 mccabe==0.7.0
 mypy-extensions==1.0.0
 packaging==23.1
 pathspec==0.11.1
 Pillow==9.5.0
+pip-licenses==4.3.4
 pkgutil_resolve_name==1.3.10
 platformdirs==3.5.1
+prettytable==3.10.0
 psycopg2-binary==2.9.6
 pycodestyle==2.11.1
 pyflakes==3.2.0
@@ -37,11 +43,13 @@ python-dateutil==2.8.2
 python-dotenv==1.0.0
 python-stdnum==1.18
 pytz==2023.3
-PyYAML==6.0
+PyYAML==6.0.1
 six==1.16.0
+smmap==5.0.1
 soupsieve==2.4.1
 sqlparse==0.4.4
 tomli==2.0.1
+trufflehog3==3.0.9
 typing_extensions==4.5.0
 uritemplate==4.1.1
 wcwidth==0.2.13