git: 4bead352f49a - main - security/py-detect-secrets: Add py-detect-secrets 1.4.0

From: Po-Chuan Hsieh <sunpoet_at_FreeBSD.org>
Date: Wed, 05 Apr 2023 17:33:23 UTC
The branch main has been updated by sunpoet:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4bead352f49aa8c05252244c2f4a3998b51bd256

commit 4bead352f49aa8c05252244c2f4a3998b51bd256
Author:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
AuthorDate: 2023-04-05 17:07:32 +0000
Commit:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
CommitDate: 2023-04-05 17:29:40 +0000

    security/py-detect-secrets: Add py-detect-secrets 1.4.0
    
    detect-secrets is an aptly named module for (surprise, surprise) detecting
    secrets within a code base.
    
    However, unlike other similar packages that solely focus on finding secrets,
    this package is designed with the enterprise client in mind: providing a
    backwards compatible, systematic means of:
     1. Preventing new secrets from entering the code base,
     2. Detecting if such preventions are explicitly bypassed, and
     3. Providing a checklist of secrets to roll, and migrate off to a more secure
        storage.
    
    This way, you create a separation of concern: accepting that there may currently
    be secrets hiding in your large repository (this is what we refer to as a
    baseline), but preventing this issue from getting any larger, without dealing
    with the potentially gargantuan effort of moving existing secrets away.
    
    It does this by running periodic diff outputs against heuristically crafted
    regex statements, to identify whether any new secret has been committed. This
    way, it avoids the overhead of digging through all git history, as well as the
    need to scan the entire repository every time.
---
 security/Makefile                    |  1 +
 security/py-detect-secrets/Makefile  | 23 +++++++++++++++++++++++
 security/py-detect-secrets/distinfo  |  3 +++
 security/py-detect-secrets/pkg-descr | 20 ++++++++++++++++++++
 4 files changed, 47 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index d277abd90f4d..a45a92d6d43a 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -883,6 +883,7 @@
     SUBDIR += py-cryptography-vectors
     SUBDIR += py-ctypescrypto
     SUBDIR += py-cybox
+    SUBDIR += py-detect-secrets
     SUBDIR += py-dfdatetime
     SUBDIR += py-dfvfs
     SUBDIR += py-dfwinreg
diff --git a/security/py-detect-secrets/Makefile b/security/py-detect-secrets/Makefile
new file mode 100644
index 000000000000..73cc35efb8e3
--- /dev/null
+++ b/security/py-detect-secrets/Makefile
@@ -0,0 +1,23 @@
+PORTNAME=	detect-secrets
+PORTVERSION=	1.4.0
+CATEGORIES=	security python
+MASTER_SITES=	PYPI
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+DISTNAME=	detect_secrets-${PORTVERSION}
+
+MAINTAINER=	sunpoet@FreeBSD.org
+COMMENT=	Tool for detecting secrets in the codebase
+WWW=		https://github.com/Yelp/detect-secrets
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}yaml>=0:devel/py-yaml@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR}
+
+USES=		python:3.7+
+USE_PYTHON=	autoplist concurrent distutils
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>
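Review bot: RUN_DEPENDS gives both runtime dependencies a `>=0` floor (`${PYTHON_PKGNAMEPREFIX}yaml>=0` and `${PYTHON_PKGNAMEPREFIX}requests>=0`), so any installed version satisfies the port. If upstream's package metadata for 1.4.0 states minimum versions, mirror them here. The new Makefile also declares no TEST_DEPENDS or do-test target, so nothing in the port exercises the scanner after a Python or dependency update; consider adding one if the distfile ships its tests.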
diff --git a/security/py-detect-secrets/distinfo b/security/py-detect-secrets/distinfo
new file mode 100644
index 000000000000..bb19926aafda
--- /dev/null
+++ b/security/py-detect-secrets/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1679498504
+SHA256 (detect_secrets-1.4.0.tar.gz) = d56787e339758cef48c9ccd6692f7a094b9963c979c9813580b0169e41132833
+SIZE (detect_secrets-1.4.0.tar.gz) = 94954
diff --git a/security/py-detect-secrets/pkg-descr b/security/py-detect-secrets/pkg-descr
new file mode 100644
index 000000000000..4d4944d57bba
--- /dev/null
+++ b/security/py-detect-secrets/pkg-descr
@@ -0,0 +1,20 @@
+detect-secrets is an aptly named module for (surprise, surprise) detecting
+secrets within a code base.
+
+However, unlike other similar packages that solely focus on finding secrets,
+this package is designed with the enterprise client in mind: providing a
+backwards compatible, systematic means of:
+ 1. Preventing new secrets from entering the code base,
+ 2. Detecting if such preventions are explicitly bypassed, and
+ 3. Providing a checklist of secrets to roll, and migrate off to a more secure
+    storage.
+
+This way, you create a separation of concern: accepting that there may currently
+be secrets hiding in your large repository (this is what we refer to as a
+baseline), but preventing this issue from getting any larger, without dealing
+with the potentially gargantuan effort of moving existing secrets away.
+
+It does this by running periodic diff outputs against heuristically crafted
+regex statements, to identify whether any new secret has been committed. This
+way, it avoids the overhead of digging through all git history, as well as the
+need to scan the entire repository every time.
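Review bot: the pkg-descr is written in upstream's own voice rather than as a neutral package description: the first line carries the aside "(surprise, surprise)" and the third paragraph says "this is what we refer to as a baseline". Suggest rewording in the third person and tightening it to what the tool does (baseline of known secrets, scanning diffs against regex heuristics). The same 20 lines are repeated in the commit message, so a shorter description would serve both.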