generated from adobe/aem-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 76
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #721 from tsmithv11/build-policies-24-7
Add new secrets for 24.7 release
- Loading branch information
Showing
5 changed files
with
170 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
50 changes: 50 additions & 0 deletions
50
...ion/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| == MonkeyLearn API Key detected in code | ||
|
|
||
|
|
||
| === Policy Details | ||
|
|
||
| [width=45%] | ||
| [cols="1,1"] | ||
| |=== | ||
| |Prisma Cloud Policy ID | ||
| |5c008314-3dec-4516-a8a8-c495b389e45b | ||
|
|
||
| |Checkov Check ID | ||
| |CKV_SECRET_113 | ||
|
|
||
| |Severity | ||
| |MEDIUM | ||
|
|
||
| |Subtype | ||
| |Build | ||
|
|
||
| |Frameworks | ||
| |Git | ||
|
|
||
| |=== | ||
|
|
||
|
|
||
| === Description | ||
|
|
||
| The MonkeyLearn API Key serves as an essential credential for accessing MonkeyLearn's machine learning models for text data analysis. This key acts as a security measure, guaranteeing that only authorized applications can interact with the API and utilize the services provided. Exposing the API key can lead to unauthorized access, misuse of the API, and potential data leaks. For this reason, it's crucial to manage your MonkeyLearn API Key securely and regularly review your security practices to prevent any unauthorized usage. | ||
|
|
||
| For comprehensive security guidelines and best practices regarding MonkeyLearn API Key management, refer to the latest documentation and support resources available in the https://monkeylearn.com/api/v3/#authentication[MonkeyLearn documentation and support]. | ||
|
|
||
| === Fix - Buildtime | ||
|
|
||
| *MonkeyLearn* | ||
|
|
||
| If your MonkeyLearn API key is exposed, it’s crucial to take immediate action to prevent any unauthorized use. Regenerate a new key through your MonkeyLearn account and replace the exposed key with the new key in all relevant applications. By regenerating a compromised MonkeyLearn API Key and updating your application integrations, you not only secure your access to MonkeyLearn AI services but also maintain the confidentiality and integrity of your data flows. | ||
|
|
||
| 1. Log into your MonkeyLearn account with administrator credentials. | ||
|
|
||
| 2. Navigate to the 'API Keys' section within your account settings. | ||
|
|
||
| 3. Identify the exposed key and delete it. | ||
| NOTE: Ensure that deleting your key does not break any applications. | ||
|
|
||
| 4. Select 'Create new key' to generate a new API Key. Provide a name for the new key and save the changes. | ||
|
|
||
| 5. Update all applications and services that use the MonkeyLearn API Key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code. | ||
|
|
||
| After updating the key, it is recommended to audit all recent uses of the MonkeyLearn API Key to detect any unauthorized access or unusual activities. This will help you assess the impact of the exposure and strengthen your security measures. |
48 changes: 48 additions & 0 deletions
48
...ion/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| == Clarifai API Key detected in code | ||
|
|
||
|
|
||
| === Policy Details | ||
|
|
||
| [width=45%] | ||
| [cols="1,1"] | ||
| |=== | ||
| |Prisma Cloud Policy ID | ||
| |c324960a-8f7d-4f00-98b6-a442cdb0f433 | ||
|
|
||
| |Checkov Check ID | ||
| |CKV_SECRET_114 | ||
|
|
||
| |Severity | ||
| |MEDIUM | ||
|
|
||
| |Subtype | ||
| |Build | ||
|
|
||
| |Frameworks | ||
| |Git | ||
|
|
||
| |=== | ||
|
|
||
|
|
||
| === Description | ||
|
|
||
| The Clarifai API Key API Key serves as an essential credential for accessing Clarifai API Key's AI and machine learning models services, which provide advanced image and video recognition capabilities. This key acts as a security measure, guaranteeing that only authorized applications can interact with the API and utilize the services provided. Exposing the API key can lead to unauthorized access, misuse of the API, and potential data leaks. For this reason, it's crucial to manage your Clarifai API Key securely and regularly review your security practices to prevent any unauthorized usage. For comprehensive security guidelines and best practices regarding MonkeyLearn API Key management, refer to the latest documentation and support resources available in the https://docs.clarifai.com/clarifai-basics/authentication/personal-access-tokens/[Clarifai documentation and support]. | ||
|
|
||
| === Fix - Buildtime | ||
|
|
||
| *Clarifai* | ||
|
|
||
| If your Clarifai API key is exposed, it's crucial to take immediate action to prevent any unauthorized use. Regenerate a new key through your Clarifai account and replace the exposed key with the new key in all relevant applications. By regenerating a compromised Clarifai API Key and updating your application integrations, you not only secure your access to Clarifai AI services but also maintain the confidentiality and integrity of your data flows. | ||
|
|
||
| 1. Log into your Clarifai account with administrator credentials. | ||
|
|
||
| 2. Navigate to the 'API Keys' section within your account settings. | ||
|
|
||
| 3. Identify the exposed key and delete it. | ||
| NOTE: Ensure that deleting your key does not break any applications. | ||
|
|
||
| 4. Select 'Create new key' to generate a new API Key. Provide a name for the new key and save the changes. | ||
|
|
||
| 5. Update all applications and services that use the Clarifai API Key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code. | ||
|
|
||
| After updating the key, it is recommended to audit all recent uses of the Clarifai API Key to detect any unauthorized access or unusual activities. This will help you assess the impact of the exposure and enhance your security measures. |
52 changes: 52 additions & 0 deletions
52
...ion/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| == Azure Machine Learning web service API key detected in code | ||
|
|
||
|
|
||
| === Policy Details | ||
|
|
||
| [width=45%] | ||
| [cols="1,1"] | ||
| |=== | ||
| |Prisma Cloud Policy ID | ||
| |f80d9a84-fb3a-4458-8a74-8a2fd8d844d7 | ||
|
|
||
| |Checkov Check ID | ||
| |CKV_SECRET_115 | ||
|
|
||
| |Severity | ||
| |MEDIUM | ||
|
|
||
| |Subtype | ||
| |Build | ||
|
|
||
| |Frameworks | ||
| |Git | ||
|
|
||
| |=== | ||
|
|
||
|
|
||
| === Description | ||
|
|
||
| The Azure Machine Learning web service API Key serves as an essential credential for accessing Azure Machine Learning web services. This key acts as a security measure, guaranteeing that only authorized applications can interact with the API and utilize the services provided. Exposing the API key can lead to unauthorized access, misuse of the API, and potential data leaks. For this reason, it's crucial to manage your Azure Machine Learning web service API Key securely and regularly review your security practices to prevent any unauthorized usage. | ||
|
|
||
| For comprehensive security guidelines and best practices regarding Azure Machine Learning web service API Key management, refer to the latest documentation and support resources available in the https://learn.microsoft.com/en-us/purview/sit-defn-azure-machine-learning-web-service-api-key[Azure Machine Learning documentation and support] resources. | ||
|
|
||
| === Fix - Buildtime | ||
|
|
||
| *Azure* | ||
|
|
||
| If your Azure Machine Learning web service API key is exposed, it's crucial to take immediate action to prevent any unauthorized use. Regenerate a new key through your Azure account and replace the exposed key with the new key in all relevant applications. By regenerating a compromised Azure Machine Learning web service API Key and updating your application integrations, you not only secure your access to Azure Machine Learning web services but also maintain the confidentiality and integrity of your data flows. | ||
|
|
||
| 1. Log into your Azure Portal with administrator credentials. | ||
|
|
||
| 2. Navigate to the relevant Azure Machine Learning workspace. | ||
|
|
||
| 3. Access the 'Keys' section within the Azure Machine Learning service. | ||
|
|
||
| 4. Identify the exposed key and delete it. | ||
| NOTE: Ensure that deleting your key does not break any applications. | ||
|
|
||
| 5. Select 'Create new key' to generate a new API Key. Provide a name for the new key and save the changes. | ||
|
|
||
| 6. Update all applications and services using this key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code. | ||
|
|
||
| After updating the key, it is recommended to audit all recent uses of the Azure Machine Learning web service API key to detect any unauthorized access or unusual activities. This will help you assess the impact of the exposure and enhance your security measures. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters