feat(secret): detect JWT tokens in secret scanning. #5479
very-doge-wow
started this conversation in
Ideas
Replies: 0 comments
Description
Currently, the secret scanning does not detect JWT tokens, which are used, for example, by Artifactory as an authentication mechanism.
For example: if a user builds an OCI image, installs dependencies from a private Artifactory repository during build time, and has passed those credentials to the builder in an insecure manner (for example, using ARG statements), trivy needs to detect this leak.
This is currently not the case.
Target
None
Scanner
Secret
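A sketch of the detection requested above, added here as an example (it is not Trivy's code and not part of the original post): match the three-segment JWT shape, then confirm that the header and payload decode to JSON and that the header has an `alg` field, so lookalike strings are not reported. The names `ScanLines`, `decodeObject` and `jwtShape`, the `ARTIFACTORY_TOKEN` build argument, and the sample lines are all assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// A JSON object starting with {" always base64url-encodes to the prefix "eyJ".
var jwtShape = regexp.MustCompile(`eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*`)

// decodeObject base64url-decodes one segment and parses it as a JSON object.
func decodeObject(seg string) (map[string]interface{}, bool) {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return nil, false
	}
	var obj map[string]interface{}
	err = json.Unmarshal(raw, &obj)
	return obj, err == nil
}

// ScanLines returns one "line N: alg=X header.[REDACTED]" entry per token whose
// header and payload decode to JSON objects and whose header has a string "alg".
func ScanLines(lines []string) []string {
	var out []string
	for i, line := range lines {
		for _, tok := range jwtShape.FindAllString(line, -1) {
			parts := strings.SplitN(tok, ".", 3)
			hdr, okHdr := decodeObject(parts[0])
			_, okBody := decodeObject(parts[1])
			alg, okAlg := hdr["alg"].(string)
			if okHdr && okBody && okAlg {
				out = append(out, fmt.Sprintf("line %d: alg=%s %s.[REDACTED]", i+1, alg, parts[0]))
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: build-history style lines with a token passed via ARG.
	enc := base64.RawURLEncoding.EncodeToString
	tok := enc([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc([]byte(`{"sub":"ci-user"}`)) + ".c2lnbmF0dXJl"
	fmt.Println(strings.Join(ScanLines([]string{"FROM alpine:3.19", "ARG ARTIFACTORY_TOKEN=" + tok}), "\n"))
}
```

Only the header segment is echoed in a finding; the payload and signature are redacted so the report does not become a second copy of the leaked credential.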