New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scan deployments for deploy keys/passwords #754

Open

tobias opened this issue May 17, 2020 · 0 comments

Labels

ready-for-work security

Member

tobias commented May 17, 2020

project.clj files are included in deployment jars, and sometimes people put the clojars password/token in the project.clj. We should:

add a validation that rejects deployments that contain a credential in project.clj
scan all existing artifacts for any current passwords/tokens and disable the password/token, emailing the user

The text was updated successfully, but these errors were encountered:

danielcompton added the security label

tobias added the ready-for-work label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment