UNPKG

secret-protection-custom-pattern-automation

Version:

A Playwright-based tool to automate GitHub secret scanning custom pattern management.

github.com/advanced-security/secret-protection-custom-pattern-automation

60 lines (47 loc) 3.09 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
// Help text export const HELP_TEXT = ` Secret Scanning Custom Pattern Automation Tool Usage: npm start -- [options] <target> Arguments: target Target repository (owner/repo), organization, or enterprise Options: --server <url> GitHub server URL (default: https://github.com) --scope <scope> Target scope: repo, org, enterprise (auto-detected for repos, and assumed to be org if not a repository) --pattern <file> Pattern file(s) to upload (can be specified multiple times) --include-pattern-name <pattern> Patterns to include in upload (can be specified multiple times) --exclude-pattern-name <pattern> Patterns to exclude from upload (can be specified multiple times) --dry-run-threshold <n> Maximum allowed dry-run results before skipping (default: 0) --enable-push-protection Enable push protection for uploaded patterns --keep-push-protection Do not change push protection settings for patterns --disable-push-protection Disable push protection for uploaded patterns --download-existing Download existing patterns to existing-patterns.yml --delete-existing Delete existing patterns --validate-only Validate patterns without uploading (no authentication required) --validate/--no-validate Validate patterns before upload (default: true) --headless/--no-headless Run in headless mode (default: true) --force-submission Force submission even if tests fail --debug Enable debug mode with screenshots and verbose logging --dry-run-all-repos Run dry-run on all repositories in organization (org scope only) --dry-run-repo <repo> Specific repositories for dry-run (can be specified multiple times) --max-test-tries <number> Maximum number of 0.1s to wait for the test to complete --help Show this help message # Optional: Set default server for GitHub Enterprise export GITHUB_SERVER=https://github.example.com # Optional: Set default dry-run threshold export DRY_RUN_THRESHOLD=25 Examples: # Upload patterns to a repository npm start -- --pattern patterns.yml owner/repo # Upload multiple pattern files with push protection npm start -- --pattern generic.yml --pattern vendor.yml --enable-push-protection owner/repo # Download existing patterns from an organization npm start -- --download-existing --scope org myorg # Upload patterns with custom threshold and visible browser npm start -- --pattern patterns.yml --dry-run-threshold 100 --no-headless owner/repo # Upload to GitHub Enterprise Server npm start -- --server https://github.example.com --pattern patterns.yml owner/repo # Dry-run on all repositories in an organization npm start -- --pattern patterns.yml --dry-run-all-repos myorg # Dry-run on specific repositories only npm start -- --pattern patterns.yml --dry-run-repo-list repo1 --dry-run-repo-list repo2 myorg `;