Auto Remediation support for Secret Detection

Problem to solve

Auto Remediation automatically fixes vulnerabilities.

It currently supports Dependency Scanning findings. We should add Secret Detection results as well.

Target audience

  • Sasha, Software Developer
  • Sam, Security Analyst

Further details

We currently don't have solutions for Secret Detection findings, so the first step is to find out how to obtain this information.

A patch alone is probably not enough: removing a credential from the code is not sufficient if it has already been exposed in the repository. This should be very clear in our message.

The only way to truly remediate a leaked secret is to invalidate (revoke) it. We can provide advice (and eventually automate it) for the most common cases (GCP, AWS, etc.).

Proposal

Provide patches for Secret Detection vulnerabilities. Once done, everything should follow the same flow of the existing Auto Remediation feature.
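As an added illustration of the proposal and of the caveat above (this is example code, not GitLab's implementation, and the finding dict is a constructed shape rather than GitLab's report schema): the patch replaces the literal with an environment lookup, while the accompanying message leads with revocation because the value stays in repository history.

```python
import difflib
import re

# Constructed finding: only the fields this demonstration needs.
FINDING = {"file": "config.py", "line": 3, "type": "AWS"}

# Constructed file content using AWS's documented example key id (not a real key).
ORIGINAL = """import boto3

AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
client = boto3.client("s3")
"""

# Per-provider revocation guidance, the "advice" the issue wants to ship (and later automate).
REVOKE_ADVICE = {
    "AWS": "Deactivate and delete the access key in IAM, then issue a new one.",
    "GCP": "Delete the service-account key in IAM & Admin, then issue a new one.",
}

ASSIGNMENT = re.compile(r'^(\s*)(\w+)\s*=\s*["\'][^"\']+["\']\s*$')


def build_patch(path: str, content: str, line: int) -> str:
    """Replace the string literal on `line` with an os.environ lookup and
    return a unified diff, the form Auto Remediation applies via a merge request."""
    lines = content.splitlines(keepends=True)
    m = ASSIGNMENT.match(lines[line - 1])
    if not m:
        raise ValueError("finding does not point at a string assignment")
    indent, name = m.groups()
    patched = list(lines)
    patched[line - 1] = f'{indent}{name} = os.environ["{name}"]\n'
    if not any(l.startswith("import os") for l in patched):
        patched.insert(0, "import os\n")  # the lookup needs the module
    return "".join(difflib.unified_diff(lines, patched, f"a/{path}", f"b/{path}"))


def remediation_message(finding: dict) -> str:
    """The patch only removes the secret from HEAD; it is still in git history
    and already exposed, so the message must lead with revocation."""
    advice = REVOKE_ADVICE.get(finding["type"], "Revoke the credential with its provider.")
    return (f"{finding['file']}:{finding['line']}: the {finding['type']} secret remains "
            "in the repository history and must be treated as compromised. "
            f"{advice} Merging the patch alone does not remediate this finding.")


if __name__ == "__main__":
    print(build_patch(FINDING["file"], ORIGINAL, FINDING["line"]))
    print(remediation_message(FINDING))
```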

What does success look like, and how can we measure that?

Number of Secret Detection vulnerabilities fixed by Auto Remediation.

Edited Jul 17, 2020 by Nicole Schwartz