Auto Remediation support for Secret Detection
Problem to solve
Auto Remediation automatically fix vulnerabilities.
It currently supports Dependency Scanning findings. We should add Secret Detection results as well.
Target audience
- Sasha, Software Developer
- Sam, Security Analyst
Further details
We currently don't have solutions for Secret Detection, so the first step is to find how to get this information.
This is probably not enough, because removing credentials may be not enough if they are already exposed in the repo. This should be very clear in our message.
The only way to remediate a vulnerability is to invalidate it. We can provide some advice (and eventually automate) for the most common cases (GCP, AWS, etc).
Proposal
Provide patches for Secret Detection vulnerabilities. Once done, everything should follow the same flow of the existing Auto Remediation feature.
What does success look like, and how can we measure that?
Number of Secret Detection vulnerabilities fixed by Auto Remediation.