Skip to content

Scan deployments for deploy keys/passwords #754

New issue
New issue
Open
Open
Scan deployments for deploy keys/passwords#754
Labels
ready-for-worksecurity
@tobias

Description

@tobias
tobias
opened on May 17, 2020

project.clj files are included in deployment jars, and sometimes people put the clojars password/token in the project.clj. We should:

  • add a validation that rejects deployments that contain a credential in project.clj
  • scan all existing artifacts for any current passwords/tokens and disable the password/token, emailing the user

Metadata

Metadata

Assignees

No one assigned

    Labels

    ready-for-worksecurity

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions