/no-secrets-buildpack

Primary LanguageShellApache License 2.0Apache-2.0

No Secrets Buildpack

Version

This is a Cloud Native Buildpack that scans your source code for secrets before building and image. This can prevent leaking secrets into Docker registries or runtime environments where they should not be.

Usage

You can combine this buildpack with any other buildpack that shares a compatible stack. For example:

$ pack build -b jkutner/no-secrets,heroku/nodejs myapp

How it works

The buildpack installs a subset of the awslabs/git-secrets scripts, and runs it without Git. However, it still uses Git to store patterns (prohibited and allowed), which means git is required on the build image.