feat: add flag to pass credentials to different Git hosting platforms · aquasecurity/trivy#6833

(1 评论) (6 反应) (0 负责人)Go (35,000 star) (371 fork)batch import

help wantedkind/featuretarget/repository

描述

Originally posted by psg18dhc May 31, 2024

I noticed that when using BitBucket private repositories it's not possible to scan my code repo as i get auth errors.

GITHUB_TOKEN and GITLAB_TOKEN env vars do not work (because it's not a GitHub repo)

Is there a way to do this securely without having to make the repo public ?

i.e can we have a BITBUCKET_TOKEN env var specifically for this purpose ?

Regards Daniel C

Git Repository

None

技术栈: go
领域: securityauthentication
议题类型: feature
难度: 3
预计时间: 1-2 days
活动状态: stale
清晰度: clear
前置要求: Go programmingTrivy git scanning basicsEnvironment variable handling
新手友好度: 65
研究方向: Examine how GITHUB TOKEN and GITLAB TOKEN are currently used in the Trivy codebase (e.g., in pkg/fanal or similar). Identify the relevant files and functions that handle authentication for Git repositories. Propose a similar implementation for a BITBUCKET TOKEN environment variable, ensuring consistency and security. Consider adding a command line flag to specify the token. The discussion at https://github.com/aquasecurity/trivy/discussions/6832 may contain additional context.