github.com/dcaravel/acs-secret-mem-eval
When executed will connect to a k8s cluster and listen for secrets (using the current env's KUBECONFIG)
When done monitoring, sending SIGINT (Ctrl+C) will trigger analysis of the size of secrets given various 'hardcoded' conditions
$ go run .
Collecting Secrets, Ctrl+C to analyze
999 secrets collected ^C
Result:
{
"NumTotalSecrets": 999,
"NumTotalPullSecrets": 372,
"NumSecretsByNsHost": 217,
"NumSecretsByNsHostWithNoSA": 217,
"NumSecretsByNsNameHost": 1110,
"NumSecretsByNsNameHostWithNoSA": 222,
"SizeBytesByNsHost": 219129,
"SizeBytesByNsHostWithNoSA": 216297,
"SizeBytesByNsNameHost": 1170684,
"SizeBytesByNsNameHostWithNoSA": 219501
}
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.
Research
/Security News
Two npm packages masquerading as WhatsApp developer libraries include a kill switch that deletes all files if the phone number isn’t whitelisted.