-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add in timing metrics for each tool to the html report. (#9)
* add in timing metrics to see how long each tool takes
- Loading branch information
1 parent
9249498
commit f1aacc7
Showing
4 changed files
with
411 additions
and
310 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,348 @@ | ||
| <h1>About Secret Synth</h1><p>Secret Synth is a meta-secret scanner solution that wraps popular source code secret scanning solutions such as gitleaks, Nosey Parker, and Trufflehog.</p><h2>Disclaimer</h2><p>By default, aggregated reports hash secret values. While this can be overridden, care should be taken how results are shared. There may be known and unknown bugs in the calculations of this tool. You are expected to do your own due diligence to check the accuracy of these findings. The use or not use of any scanning solution should not be take as an endorsement to use any particular scanning solution. If you want to see a solution added, drop a request in the repo linked at the bottom of this document.</p><h1>Top Level Summary</h1><p>Here is an overview of the secret scan results. Check the tools used and the error count to see if there may have been problems with the scan.</p><style type="text/css"> | ||
| #T_4fc0a_ table { | ||
| border: 1px solid black; | ||
| } | ||
| #T_4fc0a_ tr:nth-of-type(odd) { | ||
| background: #eee; | ||
| } | ||
| #T_4fc0a_ tr:nth-of-type(even) { | ||
| background: #fff; | ||
| } | ||
| #T_4fc0a_ th { | ||
| background: #606060; | ||
| color: white; | ||
| font-weight: bold; | ||
| } | ||
| </style> | ||
| <table id="T_4fc0a_"> | ||
| <thead> | ||
| <tr> | ||
| <th class="col_heading level0 col0" >Metric</th> | ||
| <th class="col_heading level0 col1" >Value</th> | ||
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| <tr> | ||
| <td id="T_4fc0a_row0_col0" class="data row0 col0" >Time of Report</td> | ||
| <td id="T_4fc0a_row0_col1" class="data row0 col1" >2024-02-02 11:49:33.000482</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row1_col0" class="data row1 col0" >Arguments</td> | ||
| <td id="T_4fc0a_row1_col1" class="data row1 col1" >['secretsynth.py', '--org-type', 'users', '--owners', 'swell-consulting', '--skip-ghas', '--open-report-in-browser']</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row2_col0" class="data row2 col0" >Owners</td> | ||
| <td id="T_4fc0a_row2_col1" class="data row2 col1" >1</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row3_col0" class="data row3 col0" >Scanning Source Tools</td> | ||
| <td id="T_4fc0a_row3_col1" class="data row3 col1" >3</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row4_col0" class="data row4 col0" >Total Repos on Disk</td> | ||
| <td id="T_4fc0a_row4_col1" class="data row4 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row5_col0" class="data row5 col0" >Total Repos with Secrets</td> | ||
| <td id="T_4fc0a_row5_col1" class="data row5 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row6_col0" class="data row6 col0" >Total Secrets by Source</td> | ||
| <td id="T_4fc0a_row6_col1" class="data row6 col1" >{'gitleaks': 61, 'noseyparker': 59, 'trufflehog': 12}</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row7_col0" class="data row7 col0" >Total Secrets (all tools)</td> | ||
| <td id="T_4fc0a_row7_col1" class="data row7 col1" >132</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row8_col0" class="data row8 col0" >Repos without GHAS Secrets Scanning Enabled</td> | ||
| <td id="T_4fc0a_row8_col1" class="data row8 col1" >0</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row9_col0" class="data row9 col0" >Total Distinct Secrets</td> | ||
| <td id="T_4fc0a_row9_col1" class="data row9 col1" >57</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row10_col0" class="data row10 col0" >Secret Matches Count (Experimental)</td> | ||
| <td id="T_4fc0a_row10_col1" class="data row10 col1" >328</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_4fc0a_row11_col0" class="data row11 col0" >Total Errors in Log</td> | ||
| <td id="T_4fc0a_row11_col1" class="data row11 col1" >0</td> | ||
| </tr> | ||
| </tbody> | ||
| </table> | ||
| <h2>Timing Metrics</h2><p>Here are the timing metrics for the entire run. This is useful to see if any particular function is taking a long time to run.</p><style type="text/css"> | ||
| #T_a64a0_ table { | ||
| border: 1px solid black; | ||
| } | ||
| #T_a64a0_ tr:nth-of-type(odd) { | ||
| background: #eee; | ||
| } | ||
| #T_a64a0_ tr:nth-of-type(even) { | ||
| background: #fff; | ||
| } | ||
| #T_a64a0_ th { | ||
| background: #606060; | ||
| color: white; | ||
| font-weight: bold; | ||
| } | ||
| </style> | ||
| <table id="T_a64a0_"> | ||
| <thead> | ||
| <tr> | ||
| <th class="col_heading level0 col0" >Function</th> | ||
| <th class="col_heading level0 col1" >Time (seconds)</th> | ||
| <th class="col_heading level0 col2" >Percentage of Total Time</th> | ||
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| <tr> | ||
| <td id="T_a64a0_row0_col0" class="data row0 col0" >total_gitleaks_time</td> | ||
| <td id="T_a64a0_row0_col1" class="data row0 col1" >0 hours 0 minutes 0.08 seconds</td> | ||
| <td id="T_a64a0_row0_col2" class="data row0 col2" >0.79</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_a64a0_row1_col0" class="data row1 col0" >total_trufflehog_time</td> | ||
| <td id="T_a64a0_row1_col1" class="data row1 col1" >0 hours 0 minutes 8.93 seconds</td> | ||
| <td id="T_a64a0_row1_col2" class="data row1 col2" >93.39</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_a64a0_row2_col0" class="data row2 col0" >total_noseyparker_time</td> | ||
| <td id="T_a64a0_row2_col1" class="data row2 col1" >0 hours 0 minutes 0.56 seconds</td> | ||
| <td id="T_a64a0_row2_col2" class="data row2 col2" >5.83</td> | ||
| </tr> | ||
| </tbody> | ||
| </table> | ||
| <h1>Repo-Level Metrics</h1><p>This section provides detailed metrics for each repository scanned. This just gives you an idea of the quantity of secrets discovered by each tool and the total number of secrets in the entire repository.</p><style type="text/css"> | ||
| #T_c317d_ table { | ||
| border: 1px solid black; | ||
| } | ||
| #T_c317d_ tr:nth-of-type(odd) { | ||
| background: #eee; | ||
| } | ||
| #T_c317d_ tr:nth-of-type(even) { | ||
| background: #fff; | ||
| } | ||
| #T_c317d_ th { | ||
| background: #606060; | ||
| color: white; | ||
| font-weight: bold; | ||
| } | ||
| </style> | ||
| <table id="T_c317d_"> | ||
| <thead> | ||
| <tr> | ||
| <th class="col_heading level0 col0" >repo_name_</th> | ||
| <th class="col_heading level0 col1" >secret_count</th> | ||
| <th class="col_heading level0 col2" >secret_nunique</th> | ||
| <th class="col_heading level0 col3" >source_total_gitleaks_secrets</th> | ||
| <th class="col_heading level0 col4" >source_total_trufflehog_secrets</th> | ||
| <th class="col_heading level0 col5" >source_total_noseyparker_secrets</th> | ||
| <th class="col_heading level0 col6" >source_total_ghas_secrets</th> | ||
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| <tr> | ||
| <td id="T_c317d_row0_col0" class="data row0 col0" >leaky-repo</td> | ||
| <td id="T_c317d_row0_col1" class="data row0 col1" >85</td> | ||
| <td id="T_c317d_row0_col2" class="data row0 col2" >39</td> | ||
| <td id="T_c317d_row0_col3" class="data row0 col3" >34</td> | ||
| <td id="T_c317d_row0_col4" class="data row0 col4" >9</td> | ||
| <td id="T_c317d_row0_col5" class="data row0 col5" >42</td> | ||
| <td id="T_c317d_row0_col6" class="data row0 col6" >0</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_c317d_row1_col0" class="data row1 col0" >swiss-cheese</td> | ||
| <td id="T_c317d_row1_col1" class="data row1 col1" >47</td> | ||
| <td id="T_c317d_row1_col2" class="data row1 col2" >18</td> | ||
| <td id="T_c317d_row1_col3" class="data row1 col3" >27</td> | ||
| <td id="T_c317d_row1_col4" class="data row1 col4" >3</td> | ||
| <td id="T_c317d_row1_col5" class="data row1 col5" >17</td> | ||
| <td id="T_c317d_row1_col6" class="data row1 col6" >0</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_c317d_row2_col0" class="data row2 col0" >Summary</td> | ||
| <td id="T_c317d_row2_col1" class="data row2 col1" >132</td> | ||
| <td id="T_c317d_row2_col2" class="data row2 col2" >57</td> | ||
| <td id="T_c317d_row2_col3" class="data row2 col3" >61</td> | ||
| <td id="T_c317d_row2_col4" class="data row2 col4" >12</td> | ||
| <td id="T_c317d_row2_col5" class="data row2 col5" >59</td> | ||
| <td id="T_c317d_row2_col6" class="data row2 col6" >0</td> | ||
| </tr> | ||
| </tbody> | ||
| </table> | ||
| <h1>Detector Metrics</h1><p>Every tool emits a detector type. The table below just gives you an aggregated view of the types of secrets that have been found and the magnitude of each. This does not indicate which tool found the secret.</p><style type="text/css"> | ||
| #T_353bd_ table { | ||
| border: 1px solid black; | ||
| } | ||
| #T_353bd_ tr:nth-of-type(odd) { | ||
| background: #eee; | ||
| } | ||
| #T_353bd_ tr:nth-of-type(even) { | ||
| background: #fff; | ||
| } | ||
| #T_353bd_ th { | ||
| background: #606060; | ||
| color: white; | ||
| font-weight: bold; | ||
| } | ||
| </style> | ||
| <table id="T_353bd_"> | ||
| <thead> | ||
| <tr> | ||
| <th class="col_heading level0 col0" >detector</th> | ||
| <th class="col_heading level0 col1" >detector_count</th> | ||
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| <tr> | ||
| <td id="T_353bd_row0_col0" class="data row0 col0" >generic-api-key</td> | ||
| <td id="T_353bd_row0_col1" class="data row0 col1" >50</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row1_col0" class="data row1 col0" >Generic Password (double quoted)</td> | ||
| <td id="T_353bd_row1_col1" class="data row1 col1" >17</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row2_col0" class="data row2 col0" >Generic API Key</td> | ||
| <td id="T_353bd_row2_col1" class="data row2 col1" >14</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row3_col0" class="data row3 col0" >netrc Credentials</td> | ||
| <td id="T_353bd_row3_col1" class="data row3 col1" >6</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row4_col0" class="data row4 col0" >Generic Password (single quoted)</td> | ||
| <td id="T_353bd_row4_col1" class="data row4 col1" >4</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row5_col0" class="data row5 col0" >Generic Secret</td> | ||
| <td id="T_353bd_row5_col1" class="data row5 col1" >4</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row6_col0" class="data row6 col0" >aws-access-token</td> | ||
| <td id="T_353bd_row6_col1" class="data row6 col1" >4</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row7_col0" class="data row7 col0" >Github</td> | ||
| <td id="T_353bd_row7_col1" class="data row7 col1" >3</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row8_col0" class="data row8 col0" >AWS Secret Access Key</td> | ||
| <td id="T_353bd_row8_col1" class="data row8 col1" >3</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row9_col0" class="data row9 col0" >Slack Webhook</td> | ||
| <td id="T_353bd_row9_col1" class="data row9 col1" >3</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row10_col0" class="data row10 col0" >PEM-Encoded Private Key</td> | ||
| <td id="T_353bd_row10_col1" class="data row10 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row11_col0" class="data row11 col0" >Slack User Token</td> | ||
| <td id="T_353bd_row11_col1" class="data row11 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row12_col0" class="data row12 col0" >private-key</td> | ||
| <td id="T_353bd_row12_col1" class="data row12 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row13_col0" class="data row13 col0" >hashicorp-tf-password</td> | ||
| <td id="T_353bd_row13_col1" class="data row13 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row14_col0" class="data row14 col0" >SlackWebhook</td> | ||
| <td id="T_353bd_row14_col1" class="data row14 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row15_col0" class="data row15 col0" >slack-webhook-url</td> | ||
| <td id="T_353bd_row15_col1" class="data row15 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row16_col0" class="data row16 col0" >PrivateKey</td> | ||
| <td id="T_353bd_row16_col1" class="data row16 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row17_col0" class="data row17 col0" >MailChimp API Key</td> | ||
| <td id="T_353bd_row17_col1" class="data row17 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row18_col0" class="data row18 col0" >Generic Username and Password (quoted)</td> | ||
| <td id="T_353bd_row18_col1" class="data row18 col1" >2</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row19_col0" class="data row19 col0" >Slack</td> | ||
| <td id="T_353bd_row19_col1" class="data row19 col1" >1</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row20_col0" class="data row20 col0" >NpmToken</td> | ||
| <td id="T_353bd_row20_col1" class="data row20 col1" >1</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row21_col0" class="data row21 col0" >MongoDB</td> | ||
| <td id="T_353bd_row21_col1" class="data row21 col1" >1</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row22_col0" class="data row22 col0" >Mailchimp</td> | ||
| <td id="T_353bd_row22_col1" class="data row22 col1" >1</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row23_col0" class="data row23 col0" >slack-user-token</td> | ||
| <td id="T_353bd_row23_col1" class="data row23 col1" >1</td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_353bd_row24_col0" class="data row24 col0" >AWS</td> | ||
| <td id="T_353bd_row24_col1" class="data row24 col1" >1</td> | ||
| </tr> | ||
| </tbody> | ||
| </table> | ||
| <h1>Report Links</h1><p>Here you can find the raw data of all the secrets in the merged_scan_results_report. The first few columns represent the generic information found among all tools. Any fields starting with np_, gl_, gh_, or th_ are specifics to those tools.</p><style type="text/css"> | ||
| #T_032ed_ table { | ||
| border: 1px solid black; | ||
| } | ||
| #T_032ed_ tr:nth-of-type(odd) { | ||
| background: #eee; | ||
| } | ||
| #T_032ed_ tr:nth-of-type(even) { | ||
| background: #fff; | ||
| } | ||
| #T_032ed_ th { | ||
| background: #606060; | ||
| color: white; | ||
| font-weight: bold; | ||
| } | ||
| </style> | ||
| <table id="T_032ed_"> | ||
| <thead> | ||
| <tr> | ||
| <th class="col_heading level0 col0" >Report Name</th> | ||
| <th class="col_heading level0 col1" >Description</th> | ||
| <th class="col_heading level0 col2" >CSV Link</th> | ||
| </tr> | ||
| </thead> | ||
| <tbody> | ||
| <tr> | ||
| <td id="T_032ed_row0_col0" class="data row0 col0" >Merged Report</td> | ||
| <td id="T_032ed_row0_col1" class="data row0 col1" >The merged report contains the row-by-row of all secrets from all secret scanners. The merged reports create a few common fields to make it easier to aggregate and filter across multiple secret scanning solutions.</td> | ||
| <td id="T_032ed_row0_col2" class="data row0 col2" ><a href="../.././reports/reports_202402021149/merged_scan_results_report_202402021149.csv">../.././reports/reports_202402021149/merged_scan_results_report_202402021149.csv</a></td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_032ed_row1_col0" class="data row1 col0" >GHAS Secret Alerts</td> | ||
| <td id="T_032ed_row1_col1" class="data row1 col1" >GHAS alerts are the alerts that are pulled down from the GitHub Advanced Security (GHAS) API. GHAS secret alerts to do not contain secret, line, or file information from the API.</td> | ||
| <td id="T_032ed_row1_col2" class="data row1 col2" ><a href="../.././reports/reports_202402021149/ghas_secret_alerts_202402021149.csv">../.././reports/reports_202402021149/ghas_secret_alerts_202402021149.csv</a></td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_032ed_row2_col0" class="data row2 col0" >Matches Report</td> | ||
| <td id="T_032ed_row2_col1" class="data row2 col1" >Experimental. These are secrets that have at least one match among the other tools. Consider these results experimental only.</td> | ||
| <td id="T_032ed_row2_col2" class="data row2 col2" ><a href="../.././reports/reports_202402021149/scanning_tool_matches_only_202402021149.csv">../.././reports/reports_202402021149/scanning_tool_matches_only_202402021149.csv</a></td> | ||
| </tr> | ||
| <tr> | ||
| <td id="T_032ed_row3_col0" class="data row3 col0" >Error Log</td> | ||
| <td id="T_032ed_row3_col1" class="data row3 col1" >Any processing errors are logged here. If the total errors is > 0, then your results may be incomplete.</td> | ||
| <td id="T_032ed_row3_col2" class="data row3 col2" ><a href="../.././reports/reports_202402021149/error_log_202402021149.log">../.././reports/reports_202402021149/error_log_202402021149.log</a></td> | ||
| </tr> | ||
| </tbody> | ||
| </table> | ||
| <h1>License and Source Code</h1><p>Secret Synth is distributed under MIT License. Source code for Secret Synth can be found <a href="https://github.com/austimkelly/gitleaks-utils">here</a></p> |
Oops, something went wrong.