Skip to content

Add detect secrets #126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
edthedev merged 9 commits into from
Jun 25, 2026
Merged

Add detect secrets #126

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
0b6058f
Add missing yml files
zdc217 May 21, 2026
f7fae5b
Add detect secrets to .borg.toml
edthedev Jun 16, 2026
c9069af
Add note on how to regenerate .gitattributes
edthedev Jun 25, 2026
c9d0aaa
Update borg and gitattributes for detect secrets
edthedev Jun 25, 2026
e1251d8
SOAR Template is now authoritative for itself. There is nothing to ch…
edthedev Jun 25, 2026
21f54f0
Revert "SOAR Template is now authoritative for itself. There is nothi…
edthedev Jun 25, 2026
494d581
Test - check against upstream template
edthedev Jun 25, 2026
01e9832
Reapply "SOAR Template is now authoritative for itself. There is noth…
edthedev Jun 25, 2026
8776ca9
Test was before its time. Opened borg bug
edthedev Jun 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .borg.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ files_url = "https://raw.githubusercontent.com/techservicesillinois/splunk-soar-
files = [
# secdev-template-repository is authoritative for these
".github/workflows/cleanup.yml",
".github/workflows/detect-secrets.yml",
".github/workflows/pr_reminder.yml",
'.pre-commit-config.yaml',
'CODE_OF_CONDUCT.md',
'SECURITY.md',
# splunk-soar-template is authoritative for these
Expand Down
2 changes: 2 additions & 0 deletions .gitattributes
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

22 changes: 22 additions & 0 deletions .github/workflows/detect-secrets.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

34 changes: 0 additions & 34 deletions .github/workflows/template_only_tests.yml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 2 additions & 23 deletions .secrets.baseline
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,27 +126,6 @@
"path": "detect_secrets.filters.heuristic.is_templated_secret"
}
],
"results": {
"CONTRIBUTING.md": [
{
"type": "Secret Keyword",
"filename": "CONTRIBUTING.md",
"hashed_secret": "088563a7442bb300a250c95dddf1d5c3d3a54b6c",
"is_verified": false,
"line_number": 52,
"is_secret": false
}
],
"tests/conftest.py": [
{
"type": "Secret Keyword",
"filename": "tests/conftest.py",
"hashed_secret": "088563a7442bb300a250c95dddf1d5c3d3a54b6c",
"is_verified": false,
"line_number": 14,
"is_secret": false
}
]
},
"generated_at": "2026-06-22T20:42:32Z"
"results": {},
"generated_at": "2026-05-21T19:54:49Z"
}
30 changes: 23 additions & 7 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@ This document aims to outline the requirements for the various forms of contribu

All contributions are subject to review via pull request.

## Working from the template repository.
## Working from the template repository

> Remove this section from this document once these steps are completed.

- Replace all instances of APP_NAME in files
- Review the [application metadata][14] (app.json)
- Review the [application metadata][14] (app.json)
- add/remove configuration settings
- add/remove actions
- add `SOAR_HOSTNAME` and `SOAR_TOKEN` to GitHub secrets for deployment
Expand All @@ -20,7 +20,7 @@ All contributions are subject to review via pull request.

## Development Setup

### Setup PyEnv
### Setup PyEnv

1. [Install PyEnv](https://github.com/pyenv/pyenv#basic-github-checkout)

Expand All @@ -47,16 +47,17 @@ make test
## To record a new test cassette

Export the following variables

```sh
export APP_USERNAME="FAKE_USERNAME"
export APP_PASSWORD="FAKE_PASSWORD"
export APP_PASSWORD="FAKE_PASSWORD" # pragma: allowlist secret
export APP_ENDPOINT="cybersecurity.illinois.edu/robots.txt"
export VCR_RECORD=1
```

## Deployment

In GitHub, under
In GitHub, under
`Secrets` then `Actions` add the following `Repository Secrets`:

`SOAR_HOSTNAME` set to `automate-illinois.soar.splunkcloud.com`
Expand All @@ -66,9 +67,11 @@ In GitHub, under

To emit a log into the SOAR debug logs, use `self.debug_print`:

`self.debug_print("git_hash", __git_hash__)`
```python
self.debug_print("git_hash", __git_hash__)`
```

To read SOAR app DEBUG logs, visit SOAR `Administration` in the main drop-down, and look under `System Health` and then `Debugging`.
To read SOAR app DEBUG logs, visit SOAR `Administration` in the main drop-down, and look under `System Health` and then `Debugging`.

> Tip: You must have specific permissions assigned to your account to access this area.

Expand All @@ -78,3 +81,16 @@ SOAR logs are in the phantom folders, nested pretty deep.
Deployment logs are in `app_install`.

> For SOAR app logs, you may need to check multiple files, based on which broker your code ran on.

## Regenerating .gitattributes

Because this is a template repository, running `make .gitattributes` may fail due to any local changes to `.borg.toml` - because the changes have not yet been merged to `main` in this repository / in the authoritative template.

The work-around for this is to use `--source-dir` to point `borg` at the current working directory `.`, when calling `borg` to regenerate `.gitattirbutes`.

This command will work to regenerated `.gitattributes` even if the `.borg.toml` in the current branch has changed and not been merged into `main`, yet.

```sh
borg -s . gen .gitattributes
```

2 changes: 1 addition & 1 deletion tests/conftest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
pytest_plugins = ("splunk-soar-connectors")

CASSETTE_USERNAME = "FAKE_USERNAME"
CASSETTE_PASSWORD = "FAKE_PASSWORD"
CASSETTE_PASSWORD = "FAKE_PASSWORD" # pragma: allowlist secret
CASSETTE_ENDPOINT = "cybersecurity.illinois.edu/robots.txt"

# To record, `export VCR_RECORD=True`
Expand Down
Loading