feat: add flag to pass credentials to different Git hosting platforms · aquasecurity/trivy#6833

(1 comment) (6 reactions) (0 assignees)Go (35,000 stars) (371 forks)batch import

help wantedkind/featuretarget/repository

Description

Originally posted by psg18dhc May 31, 2024

I noticed that when using BitBucket private repositories it's not possible to scan my code repo as i get auth errors.

GITHUB_TOKEN and GITLAB_TOKEN env vars do not work (because it's not a GitHub repo)

Is there a way to do this securely without having to make the repo public ?

i.e can we have a BITBUCKET_TOKEN env var specifically for this purpose ?

Regards Daniel C

Git Repository

None

Tech stack: go
Domain: securityauthentication
Issue type: feature
Difficulty: 3
Estimated time: 1-2 days
Activity status: stale
Clarity: clear
Prerequisites: Go programmingTrivy git scanning basicsEnvironment variable handling
Newbie friendliness: 65
Research direction: Examine how GITHUB TOKEN and GITLAB TOKEN are currently used in the Trivy codebase (e.g., in pkg/fanal or similar). Identify the relevant files and functions that handle authentication for Git repositories. Propose a similar implementation for a BITBUCKET TOKEN environment variable, ensuring consistency and security. Consider adding a command line flag to specify the token. The discussion at https://github.com/aquasecurity/trivy/discussions/6832 may contain additional context.