pre-commit/pre-commit-hooks
1
0
Fork 0
mirror of https://github.com/pre-commit/pre-commit-hooks.git synced 2026-04-13 06:24:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add Azure credential detection hook

Browse source 
Implements detect-azure-credentials hook based on Microsoft AzSK credential patterns.

Features:
- 33 credential detection patterns aligned with official AzSK specification
- Covers Azure-specific credentials (Data Factory, Storage, DevOps, etc.)
- Detects generic secrets (passwords, API keys, tokens, certificates)
- Comprehensive test suite with 22 test cases
- Pattern name identification in output for easier debugging

Patterns include (CSCAN codes):
- Azure Data Factory SHIR keys (0010)
- Azure Storage credentials (0020, 0040)
- App Service deployment secrets (0050)
- Connection strings and passwords (0090, 0100, 0120)
- Machine keys and network credentials (0130, 0150)
- DevOps PAT tokens (0160)
- PublishSettings passwords (0030)
- PEM private keys (0060)
- Git credentials (0210)
- JWT and refresh tokens (0250)
- Ansible Vault (0260)
- Azure PowerShell token cache (0270)
- Default/known passwords (0140)

All tests passing (22 Azure + 36 AWS = 58 total)
This commit is contained in:
Dimitri Vasdekis 2025-12-16 05:11:45 +00:00 committed by GitHub
parent 5dcc56558c
commit 7a894b3c98
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 555 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
testing/resources/azure_no_credentials.txt Normal file
View file

@ -0,0 +1,5 @@
# File with no Azure credentials
# This is a clean configuration file
app_name = my_application
port = 8080
debug = true