Merge pull request #250 from commjoen/experiment-bed-readme

Experiment bed readme update: add instructions related to #201
OWASP · Apr 4, 2022 · 3dd6476 · 3dd6476
2 parents 5ee2435 + ddece69
commit 3dd6476
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -193,6 +193,12 @@ You can help us by the following methods:
 - Share this app with others
 - Of course, we can always use your help [to get more flavors](https://github.com/commjoen/wrongsecrets/issues/37) of "wrongly" configured secrets in to spread awareness! We would love to get some help with other cloudproiders, like Alibabaor Tencent cloud for instance. Do you miss something else than a cloud provider as an example? File an issue or create a PR! See [our guide on contributing for more details](CONTRIBUTING.md). Contributors will be listed in releases, in the "Special thanks & Contributors"-section, and the web-app.
 
+## Use OWASP WrongSecrets as a secret detection benchmark
+
+As tons of secret detection tools are coming up for both Docker and Git, we are creating a Benchmark testbed for it.
+Want to know if your tool detects everything? We will keep track of the embedded secrets in [this issue](https://github.com/commjoen/wrongsecrets/issues/201) and have a [branch](https://github.com/commjoen/wrongsecrets/tree/experiment-bed) in which we put additional secrets for your tool to detect.
+The branch will contain a Docker container generation script using which you can eventually test your container secret scanning.
+
 ## Notes on development
 
 If you want to test against vault without K8s: start vault locally with

diff --git a/src/main/resources/templates/welcome.html b/src/main/resources/templates/welcome.html
@@ -130,6 +130,11 @@
                     </ul>
                 </div>
             </div>
+            <div class="col-12 col-lg-7">
+                <div class="border border-dark thank-you">
+                    Want to see if your tool of choice detects all the secrets available in this project? <a href="https://github.com/commjoen/wrongsecrets/#use-owasp-wrongsecrets-as-a-secret-detection-benchmark">Check the instructions in the README</a>.
+                </div>
+            </div>
         </div>
     </div>
 </div>