Secrets Scanning
Opportunity
OSDU source code may contain secrets. To increase the security of the platform, sensitive information such as secrets should not be hard-coded in the source code.
Solution
Implement a solution that will scan source code for secrets.
Recommendation
- Tools: Update the gitlab-ultimate.yml file to include GitLab's secret scanning capabilities. Leverage David Diederich's secret scanning tool on all projects.
- Implementation: If possible, implement the scanning solution in "audit" mode first, so that the secrets it detects can be reviewed, false positives identified, and business disruption kept to a minimum. Once the evaluation is complete, the scanners should be modified to fail the build if secrets are detected.
- Reporting & Monitoring: The OSDU InfoSec team will monitor the "event" logs for detected secrets.
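As an added illustration of the audit-then-enforce rollout described above (example code, not GitLab's secret detection or David Diederich's tool), a minimal scanner whose detection rules, allow marker and sample files are all constructed for this example; in audit mode it only reports, in enforce mode it returns a non-zero exit code so the build fails:

```python
import re
import sys

# Hypothetical detection rules for this example: rule name -> compiled pattern.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded-password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"][^'\"]{6,}['\"]"),
}
# Marker a reviewer appends to a line after triaging it as a false positive during audit.
ALLOW_MARKER = "secret-scan:allow"

SAMPLE_FILES = {  # constructed inputs; the AWS key is AWS's published documentation example
    "config.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\nDB_PASSWORD = "hunter2hunter2"\n',
    "settings.example.py": 'password = "placeholder-only"  # secret-scan:allow\n',
    "README.md": "Set DB_PASSWORD via the CI variable, never in code.\n",
}


def scan_text(text, path="<memory>"):
    """Return a list of (path, line_no, rule) findings for one file's contents."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue  # triaged false positive: skipped, but still visible in diffs
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((path, line_no, rule))
    return findings


def run_scan(files, mode="audit"):
    """Scan {path: contents}; return (findings, exit_code).
    audit   -> report every finding, exit 0 (no build disruption while tuning rules)
    enforce -> exit 1 when anything is found, so the pipeline fails"""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(text, path))
    for path, line_no, rule in findings:
        print(f"{path}:{line_no}: {rule}")
    exit_code = 1 if (findings and mode == "enforce") else 0
    return findings, exit_code


if __name__ == "__main__":
    # Usage: python secret_scan.py [audit|enforce]; scans the constructed SAMPLE_FILES.
    sys.exit(run_scan(SAMPLE_FILES, sys.argv[1] if len(sys.argv) > 1 else "audit")[1])
```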