Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Trufflehog version with pre-commit #4062

Closed
noklam opened this issue Aug 5, 2024 · 3 comments
Closed

Update Trufflehog version with pre-commit #4062

noklam opened this issue Aug 5, 2024 · 3 comments
Assignees
@ElenaKhaustova
Labels
Component: DevSetup Issue/PR that addresses technical setup of the project repository
Milestone
DevOps and DevSet...

Comments

@noklam
Copy link
Contributor

noklam commented Aug 5, 2024

Context

We have been using Trufflehog for scanning security issue with the code base. They stopped update the Python version years ago but maintain a pre-commit hook that can be used.

Description

Replace the dependency with pre-commit hook instead.

Trufflehog stop releaseing Python Package years ago, they still have a pre-commit docker version maybe we should use this instead. https://docs.trufflesecurity.com/pre-commit-hooks

Yes, let's replace it!

Originally posted by @merelcht in #4005 (comment)
@merelcht merelcht added the Component: DevSetup Issue/PR that addresses technical setup of the project repository label Aug 12, 2024
@github-actions github-actions bot mentioned this issue Sep 1, 2024
Closed
@merelcht merelcht added this to the DevOps and DevSetup cleanup milestone Oct 22, 2024
@merelcht merelcht moved this to To Do in Kedro Framework Nov 25, 2024
@ElenaKhaustova ElenaKhaustova self-assigned this Jan 3, 2025
@ElenaKhaustova ElenaKhaustova moved this from To Do to In Progress in Kedro Framework Jan 3, 2025
@ElenaKhaustova
Copy link
Contributor

The issue here is that in order to run it locally with pre-commit we still need the package to be installed for entry https://github.com/trufflesecurity/trufflehog?tab=readme-ov-file#pre-commit-hook. Otherwise, we can run it only via docker but we probably don't want to make docker a requirement for local runs.

For CI, we can use GitHub Action: https://github.com/trufflesecurity/trufflehog?tab=readme-ov-file#octocat-trufflehog-github-action, but the most value comes from local runs to prevent committing credentials.

So we can use the maintained version from the repo at the CI but not locally. We can still make it a pre-commit hook with the current Trufflehog package, or maybe it makes sense to search for other packages to replace it.

@ElenaKhaustova
Copy link
Contributor

After a discussion with the team, it was decided to replace trufflehog.

Considered alternatives for trufflehog:

@ElenaKhaustova ElenaKhaustova mentioned this issue Jan 8, 2025
Merged
7 tasks
@ElenaKhaustova ElenaKhaustova moved this from In Progress to In Review in Kedro Framework Jan 8, 2025
@ElenaKhaustova ElenaKhaustova moved this from In Review to In Progress in Kedro Framework Jan 10, 2025
@ElenaKhaustova
Copy link
Contributor

Moved in back to In Progress to apply the same changes to plugins repo.

@ElenaKhaustova ElenaKhaustova mentioned this issue Jan 10, 2025
Merged
6 tasks
@merelcht merelcht moved this from In Progress to In Review in Kedro Framework Jan 13, 2025
@github-project-automation github-project-automation bot moved this from In Review to Done in Kedro Framework Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ElenaKhaustova ElenaKhaustova

Labels
Component: DevSetup Issue/PR that addresses technical setup of the project repository
Projects
Kedro Framework
Status: Done
Milestone
DevOps and DevSetup cleanup
Development

No branches or pull requests
3 participants
@noklam @merelcht @ElenaKhaustova