feat: add flag to pass credentials to different Git hosting platforms · aquasecurity/trivy#6833

(1 留言) (6 反應) (0 負責人)Go (35,000 star) (371 fork)batch import

help wantedkind/featuretarget/repository

描述

Originally posted by psg18dhc May 31, 2024

I noticed that when using BitBucket private repositories it's not possible to scan my code repo as i get auth errors.

GITHUB_TOKEN and GITLAB_TOKEN env vars do not work (because it's not a GitHub repo)

Is there a way to do this securely without having to make the repo public ?

i.e can we have a BITBUCKET_TOKEN env var specifically for this purpose ?

Regards Daniel C

Git Repository

None

技術棧: go
領域: securityauthentication
議題類型: feature
難度: 3
預計時間: 1-2 days
活動狀態: stale
清晰度: clear
前置要求: Go programmingTrivy git scanning basicsEnvironment variable handling
新手友善度: 65
研究方向: Examine how GITHUB TOKEN and GITLAB TOKEN are currently used in the Trivy codebase (e.g., in pkg/fanal or similar). Identify the relevant files and functions that handle authentication for Git repositories. Propose a similar implementation for a BITBUCKET TOKEN environment variable, ensuring consistency and security. Consider adding a command line flag to specify the token. The discussion at https://github.com/aquasecurity/trivy/discussions/6832 may contain additional context.