Changed reliance from Regex to presidio library and removed hardcoded report #11
Merged
2. Found that previous iterations of the scanner had hardcoded scanned information, including PII and the file directory, in report.json; I have now changed it so that it saves locally and gitignores the report.json file on commit.
The latest iteration has added a main.py file that previous cohorts did not have. In the workflow, it now ignores the report.json upload and utilises the proper version, which was making previous scans fail. The workflow now has a proper main.py file in place. Other commits have iterations such as dependency improvements.
I have made some changes to the asset-assessment scanner.
I found that there was a major security flaw: when the scanner had reported findings, it saved them into a file called report.json. When a member altered the code and git pushed their iteration of the code, it would include the scan that it had done.
The hardcoded information includes the path directory of the file scanned and the information it had found.
I have also utilised AI to help me change the reliance on regex patterns for PII scanning to a well-known library for enhanced scan accuracy. It is the presidio library, which is used by Microsoft for their own PII scans.
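As an added example (not the project's code) of the leak the description identifies, here is one way to keep report.json harmless even if it does get committed: store paths relative to the repository root and a salted fingerprint instead of the matched PII value, and check that .gitignore lists the report. The repo root, salt, file path and findings below are constructed placeholders.

```python
import hashlib
from pathlib import PurePosixPath


def fingerprint(value: str, salt: str = "placeholder-salt") -> str:
    # Salted, truncated SHA-256: lets the same value be recognised across scans
    # without storing the value itself. The salt is a placeholder; keep it out of git.
    return hashlib.sha256((salt + value).encode()).hexdigest()[:16]


def build_safe_report(path: str, findings: list, repo_root: str) -> dict:
    # Record the path relative to the repository root, never the absolute path.
    rel = PurePosixPath(path).relative_to(PurePosixPath(repo_root)).as_posix()
    safe = []
    for f in findings:
        safe.append({
            "entity": f["entity"],  # entity type from the analyzer, e.g. EMAIL_ADDRESS
            "start": f["start"],
            "end": f["end"],
            "fingerprint": fingerprint(f["value"]),  # matched text is not stored
        })
    return {"file": rel, "findings": safe}


def report_is_ignored(gitignore_text: str, name: str = "report.json") -> bool:
    # Minimal check that a plain pattern for the report appears in .gitignore
    # (negations and globs are not handled; enough for a CI sanity check).
    for line in gitignore_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and line.lstrip("/") == name:
            return True
    return False


# Constructed sample input (hypothetical repo root, file and finding).
SAMPLE_ROOT = "/home/alice/asset-assessment"
SAMPLE_FINDINGS = [
    {"entity": "EMAIL_ADDRESS", "value": "bob@example.com", "start": 12, "end": 27},
]
SAMPLE_REPORT = build_safe_report(
    SAMPLE_ROOT + "/data/customers.csv", SAMPLE_FINDINGS, SAMPLE_ROOT
)
```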