security/py-detect-secrets: Add py-detect-secrets 1.4.0

detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code base. However, unlike other similar packages that solely focus on finding secrets, this package is designed with the enterprise client in mind: providing a backwards compatible, systematic means of: 1. Preventing new secrets from entering the code base, 2. Detecting if such preventions are explicitly bypassed, and 3. Providing a checklist of secrets to roll, and migrate off to a more secure storage. This way, you create a separation of concern: accepting that there may currently be secrets hiding in your large repository (this is what we refer to as a baseline), but preventing this issue from getting any larger, without dealing with the potentially gargantuan effort of moving existing secrets away. It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time.
2024-11-19 00:13:33 +00:00 · 2023-04-06 01:07:32 +08:00 · 2023-04-06 01:07:32 +08:00 · 4bead352f4
commit 4bead352f4
parent a313154d94
4 changed files with 47 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -883,6 +883,7 @@
    SUBDIR += py-cryptography-vectors
    SUBDIR += py-ctypescrypto
    SUBDIR += py-cybox
+    SUBDIR += py-detect-secrets
    SUBDIR += py-dfdatetime
    SUBDIR += py-dfvfs
    SUBDIR += py-dfwinreg
--- a/security/py-detect-secrets/Makefile
+++ b/security/py-detect-secrets/Makefile
@ -0,0 +1,23 @@
+PORTNAME=	detect-secrets
+PORTVERSION=	1.4.0
+CATEGORIES=	security python
+MASTER_SITES=	PYPI
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+DISTNAME=	detect_secrets-${PORTVERSION}
+
+MAINTAINER=	sunpoet@FreeBSD.org
+COMMENT=	Tool for detecting secrets in the codebase
+WWW=		https://github.com/Yelp/detect-secrets
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}yaml>=0:devel/py-yaml@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR}
+
+USES=		python:3.7+
+USE_PYTHON=	autoplist concurrent distutils
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>
--- a/security/py-detect-secrets/distinfo
+++ b/security/py-detect-secrets/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1679498504
+SHA256 (detect_secrets-1.4.0.tar.gz) = d56787e339758cef48c9ccd6692f7a094b9963c979c9813580b0169e41132833
+SIZE (detect_secrets-1.4.0.tar.gz) = 94954
--- a/security/py-detect-secrets/pkg-descr
+++ b/security/py-detect-secrets/pkg-descr
@ -0,0 +1,20 @@
+detect-secrets is an aptly named module for (surprise, surprise) detecting
+secrets within a code base.
+
+However, unlike other similar packages that solely focus on finding secrets,
+this package is designed with the enterprise client in mind: providing a
+backwards compatible, systematic means of:
+ 1. Preventing new secrets from entering the code base,
+ 2. Detecting if such preventions are explicitly bypassed, and
+ 3. Providing a checklist of secrets to roll, and migrate off to a more secure
+    storage.
+
+This way, you create a separation of concern: accepting that there may currently
+be secrets hiding in your large repository (this is what we refer to as a
+baseline), but preventing this issue from getting any larger, without dealing
+with the potentially gargantuan effort of moving existing secrets away.
+
+It does this by running periodic diff outputs against heuristically crafted
+regex statements, to identify whether any new secret has been committed. This
+way, it avoids the overhead of digging through all git history, as well as the
+need to scan the entire repository every time.