lukehinds/devsecop-london.md

Last active September 17, 2024 15:51

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/lukehinds/e4d09b6b12dc2b87f5cc63c92ccde9e5.js"></script>
Save lukehinds/e4d09b6b12dc2b87f5cc63c92ccde9e5 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

devsecop-london.md

Install the CLI

Mac

brew install stacklok/tap/minder

Windows

winget install stacklok.minder

Apply some rules and profiles

Clone rules and profiles

git clone [email protected]:stacklok/minder-rules-and-profiles.git profiles

Login and create an account

minder auth login

Create rules

minder ruletype create -f rule-types/github

Group the rules under a profile

minder profile create -f profiles/github/ghas.yaml

Enroll a provider

We will use GitHub for today

minder provider enroll --provider github-app

Register a repo

minder repo register

View the results

minder profile status list --detailed --name ghas-profile

Manual Remediaton

Let's now flip the secret scanning setting

Settings -> Code security and analysis -> Secret scanning [disable]

View the results (again)

Turn on auto-remediation

edit: profiles/github/ghas.yaml

View the results (again)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment