Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scanning for Secrets in Envs #124

Open
53845714nF opened this issue Jul 8, 2024 · 1 comment
Open

Scanning for Secrets in Envs #124

53845714nF opened this issue Jul 8, 2024 · 1 comment
Assignees
Labels
enhancement New feature or request

Comments

@53845714nF
Copy link

The tool should be able to find a Secret in Envs.
For Example, for images that are produced from such Dockerfile:

FROM docker.io/library/python:3.8
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

WORKDIR /app
COPY requirements.txt /app/
RUN pip install -r requirements.txt

ENV POSTGRES_HOST=database
ENV POSTGRES_USER=postgres
ENV POSTGRES_PASSWORD=postgres
ENV POSTGRES_DB=shopping_list

COPY . /app/

EXPOSE 8000
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "app:app"]

It should report the Postgres password.

@ibreakthecloud ibreakthecloud added the enhancement New feature or request label Jul 9, 2024
@ibreakthecloud ibreakthecloud self-assigned this Jul 9, 2024
@ibreakthecloud
Copy link
Member

Hi @53845714nF thanks for raising the issue. This seems like an valid feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants