ggshield VS prettier

For secrets scanning you can implement ggshield precommit hook. : https://github.com/GitGuardian/ggshield

I believe you'll get all the information you need on their website

The GitGuardian's CLI, ggshield, was recently updated to support IaC misconfigurations scanning: it's as easy as  ggshield iac scan path_to_iac_main_folder.

If you want to build a configuration from an example, you can find a sample config file at https://github.com/GitGuardian/ggshield/blob/main/.gitguardian.example.yml.

I agree that code scanning is really important, the best way to convince others is to identify high-risk threats in source code and present them to the decision-makers. For example, scanning Secrets is great for showing how repositories can be a massive vulnerability and identifying some low-hanging fruit, especially in the git history. Attackers are really after git repository access for this reason and there are plenty of open-source or free tools that you can use to illustrate the problem. Git-Secrets, Truffle Hog. These aren't great for a long-term commercial solution, something like GitGuardian is a better commercial tool but if the goal is just to illustrate the problem then finding some high-value secrets with free tools is a good way to convince the security personnel to invest in some solutions. Then the door is open to having more conversations as you have already proven the risk.

First up is the leaked TLS private key. Poor Corp added their wildcard certificate to their GitLab image, but they didn’t consider that anyone could steal the private key from the Docker image once published on Docker Hub. Rather than adding sensitive files and hardcoded environment variables to their containers while they were being built, Poor Corp should have used runtime environment variables and mounted volumes to pass secrets into the container—by the way, ggshield, the secrets detection CLI from GitGuardian, has a command for scanning Docker images. If you find that you’ve also made this mistake, you need to immediately revoke any certificates or credentials that were exposed.

GitGuardian’s CLI, ggshield, can be installed as a pre-commit hook on a developer’s workstation to act like a security seatbelt preventing any secret from being committed locally in the first place. If a developer chooses to bypass the guardrail and push a secret anyway, the event is reported in the GitGuardian dashboard. This allows security teams to have eyes on any possible policy issues as developers build—all without holding up their progress. These tools can detect risks, watch for vulnerabilities, and notify the right people in a non-intrusive way.

ggshield is one of the tools we develop at GitGuardian to help secure the codebase. Integrated as a hook it will scan the content of the git patch to make sure it does not contains any secret like an API token.

In this post, I also use ESLint + Standard JS as my code formatting tools. Formatting JS/TS code by using ESLint is also subjective and opinionated, arguably most people would rather use Prettier instead, which provides more configurable options.

Let's be honest - setting up tools for a new project can be a frustrating process. Especially when you want to jump straight to coding part. This is often the case with ESLint and Prettier, two popular tools in the JavaScript ecosystem that can sometimes interfere with each other when it comes to code formatting. Fortunately, there's a simple solution to this process, and it's called eslint-plugin-prettier.

From my point of view, Prettier doesn't work well for styling with utility classes. For a discussion see Prettier#7863 or Prettier#5948.

Prettier: An opinionated code formatter that enforces a consistent code style.

Automating code checks with static code analysis allows us to enforce code styling effectively. By integrating tools into our workflow, we can identify errors at an early stage, while coding instead of blocking us at the end. For instance, flake8 checks Python code for style and errors, eslint performs similar checks for JavaScript, and prettier automatically formats code to maintain consistency.

So anyways, I wanted to hook up Emacs with Astro support. For now, I've just been roughing it out there and running Prettier by itself and turning off save on format and auto-complete. It's been scary.

If you're a developer, you're surely familiar with Prettier and ESLint. With over 8 years of existence, they have established themselves as references in the JavaScript ecosystem.

prettier is used to format you text

No formatting inconsistencies: The committed code should follow the organization's code formatting standards(prettier or pretty-quick).

Let’s walk through the steps for a one-time setup to configure husky pre-commit and pre-push hooks, ESLint with code styles conventions, prettier code formatter, and lint-staged. Husky automatically runs a script on each commit or push. This is useful for linting files to enforce code styles that keeps the entire code base following conventions.