DevSecOps-Lab/PR_DESCRIPTION.md

🔒 Feature: Enhanced TruffleHog Secret Detection Testing

Purpose

This feature branch contains intentional test secrets to validate our enhanced TruffleHog configuration and ensure proper secret detection in our DevSecOps CI/CD pipeline.

Changes Made

  • Added comprehensive test secrets to backend/server.js:
    • AWS Access Key & Secret Access Key
    • GitHub Personal Access Token
    • Database Password
    • JWT Secret Key
    • Stripe Secret Key
    • SendGrid API Key
    • Slack Webhook URL
    • MongoDB Connection String

Expected DevSecOps Pipeline Behavior

🚨 This PR should FAIL the Jenkins build due to secret detection:

  1. Jenkins Pipeline Trigger: opening the PR should trigger the multibranch pipeline for the feature branch
  2. Secret Scan Stage: TruffleHog should scan the checked-out workspace on the agent (trufflehog filesystem . --fail); with --fail the scanner exits non-zero (exit code 183) whenever it reports a finding, which is what fails the sh step
  3. Multiple Secret Detection: should report findings for the secret types listed above. TruffleHog matches detector-specific formats, so a planted value only fires if it looks like the real thing (an AWS key ID beginning with AKIA, a GitHub token beginning with ghp_, a mongodb:// connection string); a free-form database password or JWT signing secret may not match any detector. Do not run this stage with --only-verified: fabricated test secrets can never be verified against the provider, so that flag would silently report nothing and the build would pass
  4. Build Failure: pipeline should fail at the "Secret Scan" stage
  5. Security Gate: PR should be blocked from merging
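The Secret Scan stage as a shell wrapper that the Jenkins sh step could call, added here as an example; it is not taken from the DevSecOps-Lab Jenkinsfile. It assumes TruffleHog v3 (the filesystem subcommand, --json line output, exit code 183 under --fail); the report file name trufflehog-report.jsonl and the function names are arbitrary choices, and the JSONL written by sample_report is constructed to resemble scanner output. The gate distinguishes a clean scan (exit 0) from findings (exit 183) and from a tool failure (anything else), so a crashed or missing scanner cannot pass as a clean scan, and it lists the distinct detector names so the build log shows which of the planted secret types actually fired.

```shell
#!/bin/sh
# secret_scan_gate.sh: wrapper for the Jenkins "Secret Scan" stage.
# Added example, not from the DevSecOps-Lab repo. Assumes TruffleHog v3:
#   trufflehog filesystem <dir> --fail --json   (exit 183 when findings exist)
set -eu

TRUFFLEHOG_FINDINGS_EXIT=183

# Distinct DetectorName values in TruffleHog JSONL read from stdin, one per line.
list_detectors() {
  grep -o '"DetectorName":"[^"]*"' | sed 's/^"DetectorName":"//; s/"$//' | sort -u
}

# Number of distinct detectors that fired.
count_detectors() {
  list_detectors | wc -l | tr -d ' '
}

# Number of findings TruffleHog verified live against the provider.
# Fabricated test secrets never verify, so this stays 0 for this PR.
count_verified() {
  grep -c '"Verified":true' || true
}

# Map the scanner exit code plus its report file to a stage verdict.
# Returns 0 (clean), 1 (secrets found, fail the build), 2 (scanner error).
gate() {
  rc=$1
  report=$2
  case "$rc" in
    0)
      echo "PASS: no secrets detected"
      return 0 ;;
    "$TRUFFLEHOG_FINDINGS_EXIT")
      echo "FAIL: $(count_detectors < "$report") detector type(s) fired," \
           "$(count_verified < "$report") verified:"
      list_detectors < "$report" | sed 's/^/  - /'
      return 1 ;;
    *)
      # Anything else is a tool failure; never let it pass as a clean scan.
      echo "ERROR: trufflehog exited with $rc"
      return 2 ;;
  esac
}

# Scan a checkout and apply the gate; a non-zero return fails the Jenkins sh step.
scan_workspace() {
  dir=${1:-.}
  report=${2:-trufflehog-report.jsonl}
  rc=0
  trufflehog filesystem "$dir" --fail --json --no-update > "$report" || rc=$?
  gate "$rc" "$report"
}

# Constructed JSONL resembling TruffleHog output for three planted secret types
# (the AWS key is reported twice, once per line it appears on), written to $1
# so the gate can be exercised without running the scanner.
sample_report() {
  cat > "$1" <<'EOF'
{"SourceMetadata":{"Data":{"Filesystem":{"file":"backend/server.js","line":12}}},"DetectorName":"AWS","Verified":false,"Redacted":"AKIA****************"}
{"SourceMetadata":{"Data":{"Filesystem":{"file":"backend/server.js","line":13}}},"DetectorName":"AWS","Verified":false,"Redacted":"AKIA****************"}
{"SourceMetadata":{"Data":{"Filesystem":{"file":"backend/server.js","line":15}}},"DetectorName":"Github","Verified":false,"Redacted":"ghp_****************"}
{"SourceMetadata":{"Data":{"Filesystem":{"file":"backend/server.js","line":21}}},"DetectorName":"URI","Verified":false,"Redacted":"mongodb://app:****@db.example.internal"}
EOF
}

# Run only when given a directory (e.g. `sh secret_scan_gate.sh .` from the
# Jenkins stage), so the file can be sourced without starting a scan.
if [ "$#" -gt 0 ]; then
  scan_workspace "$@"
fi
```

Invoked as sh secret_scan_gate.sh . from the stage, the non-zero return of gate is what Jenkins sees as the step failure; the report file can be archived as a build artifact so the detector list survives after the workspace is cleaned.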

DevSecOps Learning Objectives

This feature validates our security controls:

  • Scanning the checked-out workspace on the Jenkins agent (trufflehog filesystem) rather than the remote repository (trufflehog git / trufflehog github), so the gate runs on exactly the code the build would ship
  • Multiple secret pattern detection
  • CI/CD security gate enforcement
  • Automated security failure notifications

Merge Strategy

Target Branch: development

Post-Validation Steps

After confirming TruffleHog detection works:

  1. Remove all test secrets from backend/server.js
  2. Update PR to pass security scan
  3. Merge clean code into development
  4. Document security scanning success

⚠️ SECURITY WARNING: This PR contains test secrets and should NOT be merged until all secrets are removed! Use only fabricated values for this test: a real credential committed here would remain in the branch history even after the file is cleaned up and would have to be rotated.

📚 DevSecOps Learning: This demonstrates "shift-left" security practices by catching secrets early in the development cycle.