feat: yarn berry + yarn fetch + docker opti #177
Conversation
|
Updated dependencies detected. Learn more about Socket for GitHub ↗︎
|
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
@matmut7 la config talisman pour ignorer le dossier |
|
| GitGuardian id | Secret | Commit | Filename | |
|---|---|---|---|---|
| 3513932 | Generic High Entropy Secret | c576a17 | .github/workflows/e2e.yml | View secret |
| 3513932 | Generic High Entropy Secret | 84bd3b1 | .github/workflows/e2e.yml | View secret |
| 3513932 | Generic High Entropy Secret | 50bded2 | .github/workflows/e2e.yml | View secret |
| 3513932 | Generic High Entropy Secret | 981809e | .github/workflows/e2e.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
|
Kudos, SonarCloud Quality Gate passed!
|
|
🎉 Deployment for commit 84de80c : Docker images
Debug
|
|
🎉 This PR is included in version 1.16.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
|
Il faudrait svp mettre ce plugin sur l'orga socialgouv avant de deployer ailleurs : https://raw.githubusercontent.com/devthejo/yarn-plugin-fetch |
la façon de fonctionner des plugins yarn fait qu'il y a une copie locale de l'ensemble du code du plugin qui est commité, donc la reference au repo n'est qu'indicative, il ne va pas install depuis ce repo, et changer la ref dans le yarnrc n'aura aucun impact je viens de le forker sur SocialGouv pour garder une copie, mais je vais continuer le maintenir personnellement je suis également contributeur et co-maintainer de https://github.com/rohit-gohri/yarn-lock-to-package-json/ sur lequel il est basé |
Je crois qu'on ne peut pas simplement ignorer un dossier du scan. On ne peut que whitelist un certain état des fichiers par leur hash. C'est un des défauts de ce système, si on a trop de frustration sur ça il faudra pas hésiter à chercher un autre système |
No description provided.