sentinel-ci 1.3.1 → 1.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/rules/hardcoded_secrets.rb +1 -1
- data/lib/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 05ec8a3cc855319be1e044cb67785456089df4eb8b4521b63851e632d4f6c85b
|
|
4
|
+
data.tar.gz: bbc9aeaebde81a269a86c0fb4cf79887160276be65aa19dcc8cc41c00179e73c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c56ab53a07504a0354771338fb5ba1749e97208c54fba88409b7fd3b0736cab47531a355f13eea2977d40fb87001e2ed2d8254fccca4b8662217b0e7071bc29a
|
|
7
|
+
data.tar.gz: 6345de4a020a502b11ade9aa98042a912c8445b0d32af26c1fab6e22e0374ad3f62c41f469146262f8b7f584959fa34ce54ec686376d82a6aa1ccc47bf36b378
|
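Review bot: the old-side SHA256 and SHA512 digests for metadata.gz and data.tar.gz are blank in this rendering, so the hunk only shows the new values (SHA256 metadata.gz `05ec8a3c…`, data.tar.gz `bbc9aeae…`) and gives no way to see what they were replaced. Before relying on this page, fetch the 1.3.2 gem independently (`gem fetch sentinel-ci -v 1.3.2`), unpack it, and compare `sha256sum` / `sha512sum` of metadata.gz and data.tar.gz against the four values here. Keep in mind that checksums.yaml travels inside the gem, so it is an integrity check, not a provenance check; the metadata hunk further down shows `cert_chain: []`, meaning nothing in this release is signed and the registry's own transport and account controls are the only authenticity guarantee.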
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 1.3.2 (2026-05-22)
|
|
4
|
+
|
|
5
|
+
### Bug Fixes
|
|
6
|
+
- hardcoded-secrets: stop flagging bare uppercase env-var-name references in `with:` blocks (e.g. `server-password: MAVEN_PASSWORD` in `actions/setup-java`). These are env-var-name references read by the action, not literal passwords.
|
|
7
|
+
|
|
3
8
|
## 1.3.1 (2026-05-22)
|
|
4
9
|
|
|
5
10
|
### Bug Fixes
|
|
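Review bot: the new heading `## 1.3.2 (2026-05-22)` carries the same date as 1.3.1, while the gem metadata in this diff records `date: 2026-05-24 00:00:00.000000000 Z`; one of the two should be corrected so the changelog and the published metadata agree. The bug-fix entry also describes only the false-positive side of the change. With `SAFE_VALUE_PATTERN` now exempting any bare all-uppercase token (`\A[A-Z][A-Z0-9_]+\z` in the rule hunk), a literal password that happens to be uppercase letters and digits, e.g. `password: ABC123`, will no longer be reported, assuming the value is tested in isolation as the anchors suggest. That trade-off belongs in the entry so users of the rule know what is now silently accepted; something like "at the cost of no longer flagging all-uppercase literal values" would do.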
@@ -16,7 +16,7 @@ module Rules
|
|
|
16
16
|
}.freeze
|
|
17
17
|
|
|
18
18
|
PASSWORD_PATTERN = /password:\s*[^\s${\#]+/i
|
|
19
|
-
SAFE_VALUE_PATTERN = /\$\{\{.*\}\}|\$[A-Z_]
|
|
19
|
+
SAFE_VALUE_PATTERN = /\$\{\{.*\}\}|\$[A-Z_]+|\A[A-Z][A-Z0-9_]+\z/
|
|
20
20
|
SAFE_PASSWORDS = %w[postgres password test example changeme admin root dummy placeholder true false].freeze
|
|
21
21
|
|
|
22
22
|
def check(workflow)
|
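Review bot: in `data/lib/rules/hardcoded_secrets.rb` (listed in the file summary; the file header is missing from this rendering) the added third alternative `\A[A-Z][A-Z0-9_]+\z` is anchored to the whole string, while `\$\{\{.*\}\}` and `\$[A-Z_]+` are not, so the exemption only behaves as intended if `check` matches `SAFE_VALUE_PATTERN` against the isolated value rather than the full `password: …` text captured by `PASSWORD_PATTERN`. Please confirm that and add a regression fixture covering both `server-password: MAVEN_PASSWORD` (expected: no finding) and an all-uppercase literal such as `password: ABC123`, which this change will now also suppress. Exempting on token shape alone is coarse: a tighter rule would only skip a bare uppercase token when the same name is declared under `env:` for the workflow, job or step, or when the key is a known env-var-name input such as `server-password` of `actions/setup-java`, so a literal uppercase secret still gets flagged. Separately, because `PASSWORD_PATTERN` is `/password:\s*[^\s${\#]+/i` and its value class excludes `$` and `{`, a value beginning with `${{ … }}` or `$VAR` never matches it in the first place; unless `SAFE_VALUE_PATTERN` is also applied to values found by other patterns, its first two alternatives are unreachable from this check and could be documented as such or removed.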
data/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sentinel-ci
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jordan Ritter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2026-05-
|
|
11
|
+
date: 2026-05-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Scan GitHub Actions workflows for 32 security vulnerabilities. SHA pinning,
|
|
14
14
|
shell injection, credential exposure, dangerous triggers. Optional AI-powered remediation
|
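Review bot: `cert_chain: []` is carried over unchanged, so 1.3.2 ships unsigned like 1.3.1. For a tool whose job is workflow security scanning, signing releases (set `signing_key` and `cert_chain` in the gemspec, with `gem cert --build` to create the certificate) would let consumers verify provenance rather than relying only on the checksums at the top of this diff. The `date:` bump to `2026-05-24` also disagrees with the `## 1.3.2 (2026-05-22)` heading in data/CHANGELOG.md; whichever is wrong should be fixed before the next release so the two stay in step.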