created a security scan for secrets #91

Open: wants to merge 7 commits into base: main

Imambash6

Used TruffleHog to run a workflow check in the pipeline at the point of push to main branch and PR

@tobySolutions
Owner

Feedback

Style

  • The diff is generally well-formatted and easy to read.
  • However, the new file .github/workflows.yml seems empty, which might be a mistake.

Security

  • A security scan using TruffleHog has been added, which is a good practice.
  • The continue-on-error: true flag in the TruffleHog step might allow vulnerabilities to go unnoticed if not properly monitored.

Performance

  • No significant performance-related changes are introduced in this diff.
  • The addition of a security scan might slightly increase build times.

Design

  • The introduction of a security scan is a good design choice, as it helps prevent secret leaks.
  • The update of lucide-react from 0.424.0 to 0.474.0 seems minor and unlikely to cause issues, but its necessity should be verified.
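
An added example, not code from this pull request or its reviewers: a small check for the concern raised under Security above, flagging workflow steps that run TruffleHog with continue-on-error: true. The sample workflow and the function names are constructed for illustration.

```python
import re

# Constructed sample workflow for illustration (not the file from this PR).
SAMPLE_WORKFLOW = """\
name: secret-scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: TruffleHog scan
        uses: trufflesecurity/trufflehog@main
        continue-on-error: true
      - name: Unit tests
        run: npm test
        continue-on-error: true
"""

# Step key that lets the job continue (and pass) when the step fails.
SOFT_FAIL = re.compile(r"^\s*(?:-\s+)?continue-on-error:\s*true\s*(?:#.*)?$", re.I)

def split_steps(text):
    """Return [(line_number, lines)] for each list item under a `steps:` key."""
    steps, current, indent, in_steps = [], None, None, False
    for no, line in enumerate(text.splitlines(), 1):
        if re.match(r"^\s*steps:\s*$", line):
            in_steps, indent = True, None
            continue
        if not in_steps or not line.strip():
            continue
        depth = len(line) - len(line.lstrip())
        if line.lstrip().startswith("- ") and indent in (None, depth):
            indent, current = depth, (no, [line])
            steps.append(current)
        elif indent is not None and depth > indent:
            current[1].append(line)  # continuation of the current step
        else:
            in_steps = False  # dedent: the steps list has ended
    return steps

def soft_failing_scans(text, scanner="trufflehog"):
    """Line numbers of steps that mention the scanner and set continue-on-error: true."""
    return [no for no, lines in split_steps(text)
            if scanner in "\n".join(lines).lower()
            and any(SOFT_FAIL.match(l) for l in lines)]

if __name__ == "__main__":
    print(soft_failing_scans(SAMPLE_WORKFLOW))
```

The unit-test step in the sample also sets continue-on-error: true but is not reported, because the check only targets the secret-scanning step.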
