Skip to content

created a security scan for secrets #91

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Imambash6 wants to merge 12 commits into
base: main
Choose a base branch
from
Open

created a security scan for secrets #91

Imambash6 wants to merge 12 commits into from

Conversation

@Imambash6
Copy link

@Imambash6 Imambash6 commented Feb 18, 2025

Used trufllehog to rrun a workflow check in the pipeline at the point of push to main branch and PR

snyk-bot and others added 7 commits January 17, 2025 07:31
@snyk-bot
fix: upgrade lucide-react from 0.424.0 to 0.469.0
0d630b9 
Snyk has created this PR to upgrade lucide-react from 0.424.0 to 0.469.0.

See this package in npm:
lucide-react

See this project in Snyk:
https://app.snyk.io/org/imambash6-nW84AQcTeBzS964s3SGwoH/project/07aa8130-1c7a-4eb9-8989-9687d2460146?utm_source=github&utm_medium=referral&page=upgrade-pr
@Imambash6
Merge pull request #1 from Imambash6/snyk-upgrade-b15b8dea3dc3f11c971…
72d1bc8 
…eed4458bf40f3

[Snyk] Upgrade lucide-react from 0.424.0 to 0.469.0
@Imambash6
Create workflows.yml
55d544f
@snyk-bot
fix: upgrade lucide-react from 0.469.0 to 0.474.0
f2ebc73 
Snyk has created this PR to upgrade lucide-react from 0.469.0 to 0.474.0.

See this package in npm:
lucide-react

See this project in Snyk:
https://app.snyk.io/org/imambash6-nW84AQcTeBzS964s3SGwoH/project/07aa8130-1c7a-4eb9-8989-9687d2460146?utm_source=github&utm_medium=referral&page=upgrade-pr
@Imambash6
Merge pull request #2 from Imambash6/snyk-upgrade-8d6948bb7f9b12896d4…
e0b34f3 
…492866e831805

[Snyk] Upgrade lucide-react from 0.469.0 to 0.474.0
@Imambash6
Merge branch 'tobySolutions:main' into main
474ec42
@Imambash6
Create security-scan.yml
efa1496
@tobySolutions
Copy link
Owner

tobySolutions commented May 6, 2025

Feedback

Style

  • The diff is generally well-formatted and easy to read.
  • However, the new file .github/workflows.yml seems empty, which might be a mistake.

Security

  • A security scan using TruffleHog has been added, which is a good practice.
  • The continue-on-error: true flag in the TruffleHog step might allow vulnerabilities to go unnoticed if not properly monitored.

Performance

  • No significant performance-related changes are introduced in this diff.
  • The addition of a security scan might slightly increase build times.

Design

  • The introduction of a security scan is a good design choice, as it helps prevent secret leaks.
  • The update of lucide-react from 0.424.0 to 0.474.0 seems minor and unlikely to cause issues, but its necessity should be verified.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Imambash6 @tobySolutions @snyk-bot