
Identify security leaks in code

 

We will use Gitleaks to find security leaks. Follow these steps to identify leaks in your code repo:

  1. Install gitleaks on your local machine. Click here to install. Then check that it installed successfully on your local machine:
    Website> gitleaks --version
    If it is installed, it should show the version of gitleaks.

  2. Download the sample.config file (see attachment) and copy it to your local machine. This is a sample file with configuration/rules; you may change it as per your requirements.

  3. Now git clone the repo to your local machine and go to your code folder.

  4. Once you are in the code folder, run the gitleaks command.
    Website> gitleaks --path=./ --config-path=../sample.config --verbose
    where,
    --path=./ => path of the .git folder
    --config-path=../sample.config => path of the sample.config file

    You can also download the report of leaks to share it with your team:
    Website> gitleaks -v --pretty --path [RepoPath] --config-path=../sample.config --report=[PathtosaveReport]
    where,
    --report=[PathtosaveReport] => the folder path where the report should be saved.

  5. The scan takes from 1 minute to 30 minutes, depending on the size of the folder and its history.

(output of the gitleaks command)
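Step 5 ties run time to the size of the history because the scan covers past commits, not only the files currently checked out. The following is an added example, not code from the original post and not Gitleaks' own implementation: a simplified Python illustration of rule-based scanning in which the rules, sample commits and function names are all constructed assumptions.

```python
import re

# Hypothetical rules (description + regex), in the spirit of a scanner rule file.
RULES = [
    ("AWS access key ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("Hard-coded password", re.compile(r"(?i)password\s*[:=]\s*['\"][^'\"]{6,}['\"]")),
]

# Constructed `git log -p` style output, newest first: secrets added in 1111111, removed in 2222222.
SAMPLE_LOG = '''\
commit 2222222
--- a/settings.py
+++ b/settings.py
@@ -1,2 +1,2 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
-db_password = "hunter2-staging"
+AWS_KEY = os.environ["AWS_KEY"]
+db_password = os.environ["DB_PASSWORD"]
commit 1111111
--- /dev/null
+++ b/settings.py
@@ -0,0 +1,2 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+db_password = "hunter2-staging"
'''

# Constructed working-tree contents after commit 2222222.
WORKTREE = {"settings.py": 'AWS_KEY = os.environ["AWS_KEY"]\ndb_password = os.environ["DB_PASSWORD"]\n'}

def match_rules(text):
    return [name for name, rx in RULES if rx.search(text)]

def scan_worktree(files):
    """Scan only the files as they exist now."""
    return [(p, n) for p, body in files.items() for ln in body.splitlines() for n in match_rules(ln)]

def scan_history(log_text):
    """Scan every line a commit added, so secrets deleted later are still reported."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+"):
            findings += [(commit, path, name) for name in match_rules(line[1:])]
    return findings

if __name__ == "__main__":
    print("working tree:", scan_worktree(WORKTREE), "| history:", scan_history(SAMPLE_LOG))
```

The working tree comes back clean while the history scan still reports both secrets at the commit that introduced them, so a credential found this way needs to be rotated even though a later commit deleted it.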

🏀  Keep learning and sharing to build a strong community. 

