feat: add flag to pass credentials to different Git hosting platforms · aquasecurity/trivy#6833

(1 comment) (6 reactions) (0 assignees)Go (35,000 stars) (371 forks)batch import

help wantedkind/featuretarget/repository

説明

Originally posted by psg18dhc May 31, 2024

I noticed that when using BitBucket private repositories it's not possible to scan my code repo as i get auth errors.

GITHUB_TOKEN and GITLAB_TOKEN env vars do not work (because it's not a GitHub repo)

Is there a way to do this securely without having to make the repo public ?

i.e can we have a BITBUCKET_TOKEN env var specifically for this purpose ?

Regards Daniel C

Git Repository

None

技術スタック: go
領域: securityauthentication
Issue 種別: feature
難度: 3
推定時間: 1-2 days
活動状況: stale
明確さ: clear
前提条件: Go programmingTrivy git scanning basicsEnvironment variable handling
初心者向け度: 65
調査方針: Examine how GITHUB TOKEN and GITLAB TOKEN are currently used in the Trivy codebase (e.g., in pkg/fanal or similar). Identify the relevant files and functions that handle authentication for Git repositories. Propose a similar implementation for a BITBUCKET TOKEN environment variable, ensuring consistency and security. Consider adding a command line flag to specify the token. The discussion at https://github.com/aquasecurity/trivy/discussions/6832 may contain additional context.