Diffstat (limited to 'security/py-detect-secrets/pkg-descr')
-rw-r--r--  security/py-detect-secrets/pkg-descr  20
1 files changed, 20 insertions, 0 deletions
diff --git a/security/py-detect-secrets/pkg-descr b/security/py-detect-secrets/pkg-descr
new file mode 100644
index 000000000000..4d4944d57bba
--- /dev/null
+++ b/security/py-detect-secrets/pkg-descr
@@ -0,0 +1,20 @@
+detect-secrets is an aptly named module for (surprise, surprise) detecting
+secrets within a code base.
+
+However, unlike other similar packages that solely focus on finding secrets,
+this package is designed with the enterprise client in mind: providing a
+backwards compatible, systematic means of:
+ 1. Preventing new secrets from entering the code base,
+ 2. Detecting if such preventions are explicitly bypassed, and
+ 3. Providing a checklist of secrets to roll, and migrate off to a more secure
+ storage.
+
+This way, you create a separation of concern: accepting that there may currently
+be secrets hiding in your large repository (this is what we refer to as a
+baseline), but preventing this issue from getting any larger, without dealing
+with the potentially gargantuan effort of moving existing secrets away.
+
+It does this by running periodic diff outputs against heuristically crafted
+regex statements, to identify whether any new secret has been committed. This
+way, it avoids the overhead of digging through all git history, as well as the
+need to scan the entire repository every time.
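Review bot: the description never says how the tool is actually invoked or what a port user installs, which is the one thing a pkg-descr should answer; the three numbered goals (prevent new secrets, detect bypasses, list secrets to roll) and the final paragraph about "periodic diff outputs against heuristically crafted regex statements" describe intent without naming the mechanism, and the "baseline" introduced in parentheses on the third paragraph is never tied to a concrete artifact. Consider adding one sentence stating what is installed and how the baseline is consumed. Two smaller points: "separation of concern" should read "separation of concerns", and the list items on the `+ 1.` through `+ storage.` lines mix a leading space with an aligned continuation line, which renders inconsistently in plain-text pkg-descr output; the informal "(surprise, surprise)" aside also sits oddly in a port description and could be dropped without losing anything.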