Secret Token Validation feature #144

barv-jfrog · 2024-08-13T12:53:48Z

The pull request is targeting the dev branch.
The code has been validated to compile successfully by running go vet ./....
The code has been formatted properly using go fmt ./....
All static analysis checks passed.
All tests have passed. If this feature is not already covered by the tests, new tests have been added.
All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

Depends on - jfrog/documentation#145
Depends on - jfrog/jfrog-client-go#991

Description - adding a flag --validate-secrets to jf audit and jf docker scan so secrets found will trigger token validation on XRAY. Token validation takes secrets that are api tokens for example amazon secret key and checks if this key is still valid on amazon side. The capability is identical to audit and docker scan.
What I do is I pass an env var to analyzermanager because analyzers contain an env variable which according to its value (true/false) turns on the Gadget which is responsible for token validation.
As you see, there are multiple options to pass this env var, first through flag --validate-secrets, second through env var defined in user setup, third XRAY API which exists only from 3.101.0. otherwise it returns False.

OLD PR - #128

…o token-validation

audit_test.go

cli/docs/flags.go

utils/resultwriter.go

utils/resultstable_test.go

jas/common_test.go

utils/resultstable.go

tests/utils/test_validation.go

scans_test.go

…o token-validation

github-actions · 2024-09-18T08:22:33Z

🐸 JFrog Frogbot

Token Validation feature

c9f4fe5

barv-jfrog had a problem deploying to frogbot August 13, 2024 12:53 — with GitHub Actions Failure

barv-jfrog added 4 commits August 13, 2024 19:19

Tests + fixes

4321738

Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…

7b171eb

…o token-validation

Tests + fixes

62e7012

Tests + fixes

bc6fa3d

barv-jfrog had a problem deploying to frogbot August 15, 2024 07:44 — with GitHub Actions Failure

Tests + fixes

616b4c2

barv-jfrog had a problem deploying to frogbot August 15, 2024 08:12 — with GitHub Actions Failure

Tests + fixes

b9474b5

barv-jfrog had a problem deploying to frogbot August 15, 2024 08:22 — with GitHub Actions Failure

Tests + fixes

276f7e3

barv-jfrog had a problem deploying to frogbot August 15, 2024 08:39 — with GitHub Actions Failure

Tests + fixes

e60cadd

barv-jfrog had a problem deploying to frogbot August 15, 2024 11:06 — with GitHub Actions Failure

Tests + fixes

bb9112e

barv-jfrog had a problem deploying to frogbot August 15, 2024 11:53 — with GitHub Actions Failure

Tests + fixes

90c1c2f

barv-jfrog had a problem deploying to frogbot August 18, 2024 07:37 — with GitHub Actions Failure

Tests + fixes

17cd60f

barv-jfrog had a problem deploying to frogbot August 18, 2024 07:49 — with GitHub Actions Failure

Tests + fixes

eeebff7

barv-jfrog had a problem deploying to frogbot August 18, 2024 07:55 — with GitHub Actions Failure

Tests + fixes

c3b1efe

barv-jfrog had a problem deploying to frogbot August 18, 2024 11:33 — with GitHub Actions Failure

attiasas requested changes Aug 18, 2024

View reviewed changes

barv-jfrog added 2 commits August 19, 2024 10:30

Merge branch 'dev' of https://github.com/jfrog/jfrog-cli-security int…

f966ee1

…o token-validation

Tests + fixes

d4abf71

barv-jfrog had a problem deploying to frogbot August 19, 2024 11:15 — with GitHub Actions Failure

Tests + fixes

152f30b

barv-jfrog temporarily deployed to frogbot September 12, 2024 15:24 — with GitHub Actions Inactive

barv-jfrog added the safe to test Approve running integration tests on a pull request label Sep 12, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 12, 2024

fix token-validation

4a31491

barv-jfrog temporarily deployed to frogbot September 12, 2024 16:33 — with GitHub Actions Inactive

barv-jfrog added the safe to test Approve running integration tests on a pull request label Sep 12, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 12, 2024

Merge branch 'dev' into token-validation

35cf5e2

barv-jfrog requested a deployment to frogbot September 16, 2024 07:37 — with GitHub Actions Waiting

barv-jfrog added the safe to test Approve running integration tests on a pull request label Sep 16, 2024

github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 16, 2024

Merge branch 'dev' into token-validation

90b5bf7

barv-jfrog requested a deployment to frogbot September 17, 2024 09:46 — with GitHub Actions Waiting