Add options for baseline diff minimizing #92

Open
KevinHock opened this issue Nov 5, 2018 · 3 comments
Labels
enhancement The issue is related to improving a certain aspect of the project. good first issue The issue can be tackled by someone who has little to no knowledge about the project. help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. triaged The issue has been reviewed but has not been solved yet.

Comments

@KevinHock
Collaborator

--no-line-numbers (in baseline)
--no-generated-at (in baseline)
and "Make pre-commit hook only look at the git diff" options.

Are all possible ideas.

@KevinHock KevinHock added help wanted Indicates that we would like someone that’s not a maintainer to work on the issue. good first issue The issue can be tackled by someone who has little to no knowledge about the project. labels Nov 5, 2018
@stephenpaulger

In an active project these fields can change quite often and make merging and code review slightly more difficult. I would definitely make use of these options if they were available.

@domanchi
Contributor

Removing good first issue label.

The super tricky thing about this is that there's a reason for each of the fields. For example:

  • The line_number field powers the audit functionality
  • The version field indicates which version the baseline was generated at, to assist with backwards compatibility, and debugging issues when something breaks due to a version bump.
  • The generated_at field allows security teams to manually verify post-hoc whether this tool would have caught a secret found, if clients had used this pre-commit tool. This really helps with evangelization and promotion of best practices, seeing that pre-commit by its nature, is mostly an opt-in tool.

It's currently unclear what we would do for a "minimized baseline" to address the above points.

@domanchi domanchi removed the good first issue The issue can be tackled by someone who has little to no knowledge about the project. label Jun 25, 2019
@KevinHock
Collaborator Author

KevinHock commented Jun 25, 2019

> The generated_at field allows security teams to manually verify post-hoc whether this tool would have caught a secret found, if clients had used this pre-commit tool. This really helps with evangelization and promotion of best practices, seeing that pre-commit by its nature, is mostly an opt-in tool.

What are the benefits of this over git log?

> The version field indicates which version the baseline was generated at, to assist with backwards compatibility, and debugging issues when something breaks due to a version bump.

This doesn't change with many multiple users running their pre-commit hooks, causing merge conflicts etc. So I don't think this needs to be trimmed in the hypothetical future --minimize-baseline-diff option.

> The line_number field powers the audit functionality.

This is tricky, we'd need to change the audit functionality to look only for a secret matching the hashed_secret before doing this.

I don't know if the e.g. --no-generated-at (in baseline) or "Make pre-commit hook only look at the git diff" options are complicated though.
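
An added example, not part of the thread or the project's own code: a reviewer-side check that tells baseline churn from real changes by comparing two baselines on each finding's identity (file, type, hashed_secret) while ignoring generated_at and line_number. The JSON layout (a top-level results map of filename to entries, a type field), the helper names and all sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample baselines. The layout (top-level generated_at, version,
# and a results map of filename -> entries) is an assumption for illustration.
def make_baseline(generated_at, version, results):
    return json.dumps({"generated_at": generated_at, "version": version, "results": results})

OLD = make_baseline("2019-06-24T10:00:00Z", "1.0.0", {
    "config/settings.py": [
        {"type": "Example Detector", "hashed_secret": "a" * 40, "line_number": 12},
    ],
})
# Same finding, shifted three lines down, baseline regenerated a day later.
CHURN = make_baseline("2019-06-25T09:30:00Z", "1.0.0", {
    "config/settings.py": [
        {"type": "Example Detector", "hashed_secret": "a" * 40, "line_number": 15},
    ],
})
# A second finding appears in another file.
NEW_FINDING = make_baseline("2019-06-25T09:30:00Z", "1.0.0", {
    "config/settings.py": [
        {"type": "Example Detector", "hashed_secret": "a" * 40, "line_number": 15},
    ],
    "deploy/env.sh": [
        {"type": "Example Detector", "hashed_secret": "b" * 40, "line_number": 3},
    ],
})


def finding_ids(baseline):
    """Identity of each finding: (filename, type, hashed_secret); line_number is ignored."""
    return {
        (filename, entry.get("type", ""), entry["hashed_secret"])
        for filename, entries in baseline.get("results", {}).items()
        for entry in entries
    }


def classify_change(old_text, new_text):
    """Separate substantive baseline changes from generated_at/line_number churn."""
    old, new = json.loads(old_text), json.loads(new_text)
    old_ids, new_ids = finding_ids(old), finding_ids(new)
    version_changed = old.get("version") != new.get("version")
    substantive = old_ids != new_ids or version_changed
    return {
        "added": sorted(new_ids - old_ids),
        "removed": sorted(old_ids - new_ids),
        "version_changed": version_changed,
        "churn_only": not substantive and old != new,
    }
```

Because line_number is left out of the identity, two occurrences of the same secret in one file count as a single finding here.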

@lorenzodb1 lorenzodb1 added pending The issue still needs to be reviewed by one of the maintainers. and removed important labels Jun 13, 2022
@lorenzodb1 lorenzodb1 added good first issue The issue can be tackled by someone who has little to no knowledge about the project. enhancement The issue is related to improving a certain aspect of the project. labels May 9, 2024
@lorenzodb1 lorenzodb1 added triaged The issue has been reviewed but has not been solved yet. and removed pending The issue still needs to be reviewed by one of the maintainers. labels May 16, 2024
4 participants