-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto-generated baselines by 1ES Pipeline Templates #4309
Conversation
FWIW, the cred-scan violation is from this code in a test file: // Standard secrets
expectedPassword := "P@55w0rd!"
err = azdConfig.SetSecret("secrets.password", expectedPassword)
require.NoError(t, err)
err = azdConfig.SetSecret("infra.provisioning.sqlPassword", expectedPassword)
require.NoError(t, err) In this case, I can go change this string to something else if that's going to make cred-scan happy, but I'd rather just add some indefinite baseline (or annotate it in the source such that Cred Scan starts to ignore it). @weshaggard do you know what the best thing for me to do here is? I noticed in this generated file the baseline had an expiration date and we need a long term story for this test code. |
Baselining is only supposed to be temporary. We will want to add this to the suppression file instead https://github.com/Azure/azure-dev/blob/main/eng/CredScanSuppression.json, see https://dev.azure.com/azure-sdk/internal/_wiki/wikis/internal.wiki/623/Cred-scan-failure-troubleshooting |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets not merge this as @benbp and I are still figuring out some of this baselining stuff.
Will merge #4312 then this. |
/check-enforcer override |
No description provided.