Enhance Postman module to export workspaces as `CODE_REPOSITORY` events
Closed this issue · 3 comments
Description
As newer versions of trufflehog have the ability to scan postman workspaces for known API keys, I thought we should make changes to the postman module to export the workspace as a `CODE_REPOSITORY` event as well as the existing event and have this consumed by trufflehog so it can run `trufflehog postman --workspace-id=<workspace id>` on the ID.
I'm happy to pick this one up.
I've got a PR ready to go, however there seems to be an issue with trufflehog's postman module crashing, so here's a link to the upstream issue: trufflesecurity/trufflehog#3200
Hmm, it appears that the trufflehog postman module will only scan postman workspaces "online" if an API token is provided. Therefore it is probably better if I still raise these as `CODE_REPOSITORY` events but have another module to download postman code repositories and raise them as `FILESYSTEM` events. (This probably works out better for us anyway)
Closing this issue as the postman module now exports `CODE_REPOSITORY` events and another module has been created to download postman workspaces (Working on improving the "in-scope" check of these in a separate PR)