From b223521d6610adff469f862328a4ed6242ad7d3f Mon Sep 17 00:00:00 2001
From: Taylor
Date: Tue, 18 Jun 2024 13:51:38 -0700
Subject: [PATCH 1/4] Secrets
---
 .../secrets-policy-index/git-secrets-113.adoc | 47 ++++++++++++++++++
 .../secrets-policy-index/git-secrets-114.adoc | 47 ++++++++++++++++++
 .../secrets-policy-index/git-secrets-115.adoc | 49 +++++++++++++++++++
 3 files changed, 143 insertions(+)
 create mode 100644 docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
 create mode 100644 docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
 create mode 100644 docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
new file mode 100644
index 000000000..be7064b11
--- /dev/null
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
@@ -0,0 +1,47 @@
+== MonkeyLearn API Key detected in code
+
+
+=== Policy Details
+
+[width=45%]
+[cols="1,1"]
+|===
+|Prisma Cloud Policy ID
+|TBD
+
+|Checkov Check ID
+|CKV_SECRET_113
+
+|Severity
+|MEDIUM
+
+|Subtype
+|Build
+
+|Frameworks
+|Git
+
+|===
+
+
+=== Description
+
+A MonkeyLearn API Key is essential for accessing the MonkeyLearn text analysis services, which provide powerful machine learning models for text data. The key is critical for authenticating requests to the API and ensuring that only authorized applications can utilize the service. Exposure of this key can lead to unauthorized access, misuse of the API, and potential data leaks. It is vital to manage this key securely and regularly review your security practices to prevent any unauthorized usage. For detailed security guidelines and best practices, refer to the latest https://monkeylearn.com/api/v3/#authentication[MonkeyLearn documentation and support] resources.
+
+=== Fix - Buildtime
+
+*MonkeyLearn*
+
+If your MonkeyLearn API Key is exposed, it's important to act promptly to revoke the compromised key and generate a new one to secure access to the API. Follow these steps to replace the exposed key and update all dependent applications:
+
+1. Log into your MonkeyLearn account using your administrator credentials.
+
+2. Navigate to the 'API Keys' section within your account settings.
+
+3. Identify the exposed key and delete it.
+
+4. Generate a new API key by selecting 'Create new key'. Provide a name for the new key and save the changes.
+
+5. Update all applications and services that use the MonkeyLearn API Key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code.
+
+After updating the key, it is recommended to audit all recent uses of the MonkeyLearn API Key to detect any unauthorized access or unusual activities. This will help you assess the impact of the exposure and strengthen your security measures.
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
new file mode 100644
index 000000000..25cf1d666
--- /dev/null
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
@@ -0,0 +1,47 @@
+== Clarifai API Key detected in code
+
+
+=== Policy Details
+
+[width=45%]
+[cols="1,1"]
+|===
+|Prisma Cloud Policy ID
+|TBD
+
+|Checkov Check ID
+|CKV_SECRET_114
+
+|Severity
+|MEDIUM
+
+|Subtype
+|Build
+
+|Frameworks
+|Git
+
+|===
+
+
+=== Description
+
+A Clarifai API Key is vital for accessing Clarifai's powerful AI and machine learning services, which provide advanced image and video recognition capabilities. This key is crucial for authenticating requests to the API and ensuring that only authorized clients can utilize the services. Exposure of this key can lead to unauthorized access, misuse of the API, and potential data leaks. Securely managing this key is essential to maintain the security and integrity of your applications. Regularly reviewing your security settings and practices is important to prevent unauthorized usage. For detailed security guidelines and best practices, refer to the latest https://docs.clarifai.com/clarifai-basics/authentication/personal-access-tokens/[Clarifai documentation and support] resources.
+
+=== Fix - Buildtime
+
+*Clarifai*
+
+If your Clarifai API Key is exposed, immediate action is required to revoke the compromised key and generate a new one to secure access to the API. Follow these steps to replace the exposed key and update all dependent applications:
+
+1. Log into your Clarifai account using your administrator credentials.
+
+2. Navigate to the 'API Keys' section within your account settings.
+
+3. Identify the exposed key and delete it.
+
+4. Generate a new API key by selecting 'Create new key'. Provide a name for the new key and save the changes.
+
+5. Update all applications and services that use the Clarifai API Key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code.
+
+After updating the key, it is recommended to audit all recent uses of the Clarifai API Key to detect any unauthorized access or unusual activities. This will help you assess the impact of the exposure and enhance your security measures.
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
new file mode 100644
index 000000000..f89d6e86a
--- /dev/null
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
@@ -0,0 +1,49 @@
+== Azure Machine Learning web service API key detected in code
+
+
+=== Policy Details
+
+[width=45%]
+[cols="1,1"]
+|===
+|Prisma Cloud Policy ID
+|TBD
+
+|Checkov Check ID
+|CKV_SECRET_115
+
+|Severity
+|MEDIUM
+
+|Subtype
+|Build
+
+|Frameworks
+|Git
+
+|===
+
+
+=== Description
+
+An Azure Machine Learning web service API key is essential for accessing and utilizing Azure Machine Learning web services. This key is critical for authenticating requests to the service and ensuring that only authorized applications can interact with it. Exposure of this key can lead to unauthorized access, misuse of the API, and potential data breaches. Securely managing this key is crucial to maintaining the security and integrity of your applications. Regularly reviewing and updating your security settings and keys is important to prevent unauthorized usage. For detailed security guidelines and best practices, refer to the latest https://learn.microsoft.com/en-us/purview/sit-defn-azure-machine-learning-web-service-api-key[Azure Machine Learning documentation and support] resources.
+
+=== Fix - Buildtime
+
+*Azure*
+
+If your Azure Machine Learning web service API key is exposed, it is crucial to take immediate action to revoke the compromised key and generate a new one to secure access to the service. Follow these steps to replace the exposed key and update all dependent applications:
+
+1. Log into your Azure Portal using your administrator credentials.
+
+2. Navigate to the relevant Azure Machine Learning workspace.
+
+3. Access the 'Keys' section within the Azure Machine Learning service.
+
+4. Identify the exposed key and delete it.
+
+5. Generate a new API key by selecting 'Create new key'. Provide a name for the new key and save the changes.
+
+6. Update all applications and services using this key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code.
+
+After updating the key, it is recommended to audit all recent uses of the Azure Machine Learning web service API key to detect any unauthorized access or unusual activities. This will help you assess the impact of the exposure and enhance your security measures.
From d82e5392b74be0d21678cde45892546c62845842 Mon Sep 17 00:00:00 2001
From: Taylor
Date: Fri, 28 Jun 2024 15:45:17 -0700
Subject: [PATCH 2/4] Bakst feedback
---
 .../secrets-policy-index/git-secrets-113.adoc | 11 +++++++----
 .../secrets-policy-index/git-secrets-114.adoc | 9 +++++----
 .../secrets-policy-index/git-secrets-115.adoc | 11 +++++++----
 3 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
index be7064b11..e924c63ea 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
@@ -26,21 +26,24 @@

 === Description

-A MonkeyLearn API Key is essential for accessing the MonkeyLearn text analysis services, which provide powerful machine learning models for text data. The key is critical for authenticating requests to the API and ensuring that only authorized applications can utilize the service. Exposure of this key can lead to unauthorized access, misuse of the API, and potential data leaks. It is vital to manage this key securely and regularly review your security practices to prevent any unauthorized usage. For detailed security guidelines and best practices, refer to the latest https://monkeylearn.com/api/v3/#authentication[MonkeyLearn documentation and support] resources.
+The MonkeyLearn API Key serves as an essential credential for accessing MonkeyLearn's machine learning models for text data analysis. This key acts as a security measure, guaranteeing that only authorized applications can interact with the API and utilize the services provided. Exposing the API key can lead to unauthorized access, misuse of the API, and potential data leaks. For this reason, it's crucial to manage your MonkeyLearn API Key securely and regularly review your security practices to prevent any unauthorized usage.
+
+For comprehensive security guidelines and best practices regarding MonkeyLearn API Key management, refer to the latest documentation and support resources available in the https://monkeylearn.com/api/v3/#authentication[MonkeyLearn documentation and support].

 === Fix - Buildtime

 *MonkeyLearn*

-If your MonkeyLearn API Key is exposed, it's important to act promptly to revoke the compromised key and generate a new one to secure access to the API. Follow these steps to replace the exposed key and update all dependent applications:
+If your MonkeyLearn API key is exposed, it’s crucial to take immediate action to prevent any unauthorized use. Regenerate a new key through your MonkeyLearn account and replace the exposed key with the new key in all relevant applications. By regenerating a compromised MonkeyLearn API Key and updating your application integrations, you not only secure your access to MonkeyLearn AI services but also maintain the confidentiality and integrity of your data flows.

-1. Log into your MonkeyLearn account using your administrator credentials.
+1. Log into your MonkeyLearn account with administrator credentials.

 2. Navigate to the 'API Keys' section within your account settings.

 3. Identify the exposed key and delete it.
+NOTE: Ensure that deleting your key does not break any applications.

-4. Generate a new API key by selecting 'Create new key'. Provide a name for the new key and save the changes.
+4. Select 'Create new key' to generate a new API Key. Provide a name for the new key and save the changes.

 5. Update all applications and services that use the MonkeyLearn API Key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code.

diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
index 25cf1d666..40d85f63b 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
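Review bot: The added `NOTE:` line in this hunk sits directly under `3. Identify the exposed key and delete it.` with no blank line or list-continuation marker, so AsciiDoc will most likely fold it into item 3's text and render the literal word "NOTE:" inline instead of as an admonition; the git-secrets-114 and git-secrets-115 hunks of this commit place their NOTE the same way. Attach it to the item with a continuation: `3. Identify the exposed key and delete it.` / `+` / `NOTE: Ensure that deleting your key does not break any applications.`. The note also sits uneasily with the step order, which deletes the exposed key before a replacement exists; if revoke-first is intended (stopping abuse of a leaked key outweighs a short outage), say so in the note, otherwise consider creating the new key before deleting the old one.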
@@ -26,21 +26,22 @@

 === Description

-A Clarifai API Key is vital for accessing Clarifai's powerful AI and machine learning services, which provide advanced image and video recognition capabilities. This key is crucial for authenticating requests to the API and ensuring that only authorized clients can utilize the services. Exposure of this key can lead to unauthorized access, misuse of the API, and potential data leaks. Securely managing this key is essential to maintain the security and integrity of your applications. Regularly reviewing your security settings and practices is important to prevent unauthorized usage. For detailed security guidelines and best practices, refer to the latest https://docs.clarifai.com/clarifai-basics/authentication/personal-access-tokens/[Clarifai documentation and support] resources.
+The Clarifai API Key API Key serves as an essential credential for accessing Clarifai API Key's AI and machine learning models services, which provide advanced image and video recognition capabilities. This key acts as a security measure, guaranteeing that only authorized applications can interact with the API and utilize the services provided. Exposing the API key can lead to unauthorized access, misuse of the API, and potential data leaks. For this reason, it's crucial to manage your Clarifai API Key securely and regularly review your security practices to prevent any unauthorized usage. For comprehensive security guidelines and best practices regarding MonkeyLearn API Key management, refer to the latest documentation and support resources available in the https://docs.clarifai.com/clarifai-basics/authentication/personal-access-tokens/[Clarifai documentation and support].

 === Fix - Buildtime

 *Clarifai*

-If your Clarifai API Key is exposed, immediate action is required to revoke the compromised key and generate a new one to secure access to the API. Follow these steps to replace the exposed key and update all dependent applications:
+If your Clarifai API key is exposed, it's crucial to take immediate action to prevent any unauthorized use. Regenerate a new key through your Clarifai account and replace the exposed key with the new key in all relevant applications. By regenerating a compromised Clarifai API Key and updating your application integrations, you not only secure your access to Clarifai AI services but also maintain the confidentiality and integrity of your data flows.

-1. Log into your Clarifai account using your administrator credentials.
+1. Log into your Clarifai account with administrator credentials.

 2. Navigate to the 'API Keys' section within your account settings.

 3. Identify the exposed key and delete it.
+NOTE: Ensure that deleting your key does not break any applications.

-4. Generate a new API key by selecting 'Create new key'. Provide a name for the new key and save the changes.
+4. Select 'Create new key' to generate a new API Key. Provide a name for the new key and save the changes.

 5. Update all applications and services that use the Clarifai API Key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code.

diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
index f89d6e86a..1f2bb6f01 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
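Review bot: The rewritten description in this hunk begins `The Clarifai API Key API Key serves as an essential credential for accessing Clarifai API Key's AI and machine learning models services`, which repeats "API Key" where the vendor name belongs, and its last sentence refers to `MonkeyLearn API Key management` although this is the Clarifai policy page; both read as leftovers from templating off git-secrets-113. Suggested wording: `The Clarifai API Key serves as an essential credential for accessing Clarifai's AI and machine learning services, which provide advanced image and video recognition capabilities.` and `...best practices regarding Clarifai API Key management, refer to...`. Unlike the 113 and 115 hunks in this commit, the "For comprehensive security guidelines" sentence is not split into its own paragraph here, so the three pages also differ in layout.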
@@ -26,23 +26,26 @@

 === Description

-An Azure Machine Learning web service API key is essential for accessing and utilizing Azure Machine Learning web services. This key is critical for authenticating requests to the service and ensuring that only authorized applications can interact with it. Exposure of this key can lead to unauthorized access, misuse of the API, and potential data breaches. Securely managing this key is crucial to maintaining the security and integrity of your applications. Regularly reviewing and updating your security settings and keys is important to prevent unauthorized usage. For detailed security guidelines and best practices, refer to the latest https://learn.microsoft.com/en-us/purview/sit-defn-azure-machine-learning-web-service-api-key[Azure Machine Learning documentation and support] resources.
+The Azure Machine Learning web service API Key serves as an essential credential for accessing Azure Machine Learning web services. This key acts as a security measure, guaranteeing that only authorized applications can interact with the API and utilize the services provided. Exposing the API key can lead to unauthorized access, misuse of the API, and potential data leaks. For this reason, it's crucial to manage your Azure Machine Learning web service API Key securely and regularly review your security practices to prevent any unauthorized usage.
+
+For comprehensive security guidelines and best practices regarding Azure Machine Learning web service API Key management, refer to the latest documentation and support resources available in the https://learn.microsoft.com/en-us/purview/sit-defn-azure-machine-learning-web-service-api-key[Azure Machine Learning documentation and support] resources.

 === Fix - Buildtime

 *Azure*

-If your Azure Machine Learning web service API key is exposed, it is crucial to take immediate action to revoke the compromised key and generate a new one to secure access to the service. Follow these steps to replace the exposed key and update all dependent applications:
+If your Azure Machine Learning web service API key is exposed, it's crucial to take immediate action to prevent any unauthorized use. Regenerate a new key through your Azure account and replace the exposed key with the new key in all relevant applications. By regenerating a compromised Azure Machine Learning web service API Key and updating your application integrations, you not only secure your access to Azure Machine Learning web services but also maintain the confidentiality and integrity of your data flows.

-1. Log into your Azure Portal using your administrator credentials.
+1. Log into your Azure Portal with administrator credentials.

 2. Navigate to the relevant Azure Machine Learning workspace.

 3. Access the 'Keys' section within the Azure Machine Learning service.

 4. Identify the exposed key and delete it.
+NOTE: Ensure that deleting your key does not break any applications.

-5. Generate a new API key by selecting 'Create new key'. Provide a name for the new key and save the changes.
+5. Select 'Create new key' to generate a new API Key. Provide a name for the new key and save the changes.

 6. Update all applications and services using this key with the new key values, ensuring the new key is not exposed in public repositories or hardcoded in your source code.

From 90e411a2c832b33cf379b3f612afed728830cd99 Mon Sep 17 00:00:00 2001
From: Taylor
Date: Fri, 27 Sep 2024 14:46:57 -0700
Subject: [PATCH 3/4] Update summary
---
 .../secrets-policy-index/git-secrets-113.adoc | 2 +-
 .../secrets-policy-index/git-secrets-114.adoc | 2 +-
 .../secrets-policy-index/git-secrets-115.adoc | 2 +-
 .../secrets-policy-index/secrets-policy-index.adoc | 14 ++++++++++++++
 4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
index e924c63ea..3ccf9b8fe 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-113.adoc
@@ -7,7 +7,7 @@
 [cols="1,1"]
 |===
 |Prisma Cloud Policy ID
-|TBD
+|5c008314-3dec-4516-a8a8-c495b389e45b

 |Checkov Check ID
 |CKV_SECRET_113
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
index 40d85f63b..7ba48b190 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-114.adoc
@@ -7,7 +7,7 @@
 [cols="1,1"]
 |===
 |Prisma Cloud Policy ID
-|TBD
+|c324960a-8f7d-4f00-98b6-a442cdb0f433

 |Checkov Check ID
 |CKV_SECRET_114
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
index 1f2bb6f01..4c660cb45 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-115.adoc
@@ -7,7 +7,7 @@
 [cols="1,1"]
 |===
 |Prisma Cloud Policy ID
-|TBD
+|f80d9a84-fb3a-4458-8a74-8a2fd8d844d7

 |Checkov Check ID
 |CKV_SECRET_115
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc
index 71f9d881f..c062af0e0 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc
@@ -631,5 +631,19 @@
 |No
 |LOW

+|xref:git-secrets-113.adoc[MonkeyLearn API Key detected in code]
+|CKV_SECRET_113
+|No
+|MEDIUM
+
+|xref:git-secrets-114.adoc[Clarifai API Key detected in code]
+|CKV_SECRET_114
+|No
+|MEDIUM
+
+|xref:git-secrets-115.adoc[Azure Machine Learning web service API key]
+|CKV_SECRET_115
+|No
+|MEDIUM
 |===
From c8186e44c71f84ba7694fc14d2d03f3b34c6c6e5 Mon Sep 17 00:00:00 2001
From: Taylor
Date: Fri, 27 Sep 2024 14:48:37 -0700
Subject: [PATCH 4/4] Update book
---
 docs/en/enterprise-edition/policy-reference/book.yml | 6 ++++++
 .../secrets-policy-index/secrets-policy-index.adoc | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/docs/en/enterprise-edition/policy-reference/book.yml b/docs/en/enterprise-edition/policy-reference/book.yml
index cec236321..2abb2e384 100644
--- a/docs/en/enterprise-edition/policy-reference/book.yml
+++ b/docs/en/enterprise-edition/policy-reference/book.yml
@@ -1803,6 +1803,12 @@ topics:
 file: git-secrets-111.adoc
 - name: Azure Functions HTTP Trigger Key
 file: git-secrets-112.adoc
+ - name: MonkeyLearn API Key
+ file: git-secrets-113.adoc
+ - name: Clarifai API Key
+ file: git-secrets-114.adoc
+ - name: Azure Machine Learning web service API key
+ file: git-secrets-115.adoc
 ---
 kind: chapter
 name: Google Cloud Policies
diff --git a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc
index c062af0e0..04d7a89b8 100644
--- a/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc
+++ b/docs/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/secrets-policy-index.adoc
@@ -631,12 +631,12 @@
 |No
 |LOW

-|xref:git-secrets-113.adoc[MonkeyLearn API Key detected in code]
+|xref:git-secrets-113.adoc[MonkeyLearn API Key]
 |CKV_SECRET_113
 |No
 |MEDIUM

-|xref:git-secrets-114.adoc[Clarifai API Key detected in code]
+|xref:git-secrets-114.adoc[Clarifai API Key]
 |CKV_SECRET_114
 |No
 |MEDIUM