Skip to content

Secret Scanning Dashboard #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jan 6, 2022
Merged

Secret Scanning Dashboard #25

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
251397e
feat: secret scanning eventtype
leftrightleft Dec 21, 2021
8c4644e
feat: add secret scanning dashboard
leftrightleft Dec 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions github_app_for_splunk/default/data/ui/nav/default.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
<collection label="Advanced Security">
<view name="security_alert_overview" />
<view name="code_scanning_overview" />
<view name="secret_scanning_overview" />
</collection>
<collection label="Developer Insights">
<view name="value_stream_analytics" />
Expand Down
148 changes: 148 additions & 0 deletions github_app_for_splunk/default/data/ui/views/secret_scanning_overview.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,148 @@
<form>
<label>Secret Scanning Alerts</label>
<search id="baseSearch">
<query>
`github_webhooks` eventtype="GitHub::SecretScanning" | eval action='action', enterprise=if(isnotnull('enterprise.name'),'enterprise.name','unknown'), organization=if(isnotnull('organization.login'),'organization.login','unknown'), repository=if(isnotnull('repository.name'),'repository.name','unknown'), secret_type=if(isnotnull('alert.secret_type'),'alert.secret_type','unknown'), resolution=if(isnotnull('alert.resolution'),'alert.resolution','unknown'), resolved_at=if(isnotnull('alert.resolved_at'),'alert.resolved_at','unknown'), resolved_by=if(isnotnull('alert.resolved_by.login'),'alert.resolved_by.login','unknown')
</query>
<earliest>$timeTkn.earliest$</earliest>
<latest>$timeTkn.latest$</latest>
<sampleRatio>1</sampleRatio>
</search>
<fieldset submitButton="false" autoRun="true">
<input type="time" token="timeTkn" searchWhenChanged="true">
<label>Time Range</label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="multiselect" token="secret_type" searchWhenChanged="true">
<label>Secret Type</label>
<fieldForLabel>secret_type</fieldForLabel>
<fieldForValue>secret_type</fieldForValue>
<valuePrefix>"</valuePrefix>
<valueSuffix>"</valueSuffix>
<search base="baseSearch">
<query>| table secret_type | dedup secret_type</query>
</search>
<choice value="*">All</choice>
<default>*</default>
<initialValue>*</initialValue>
</input>
<input type="multiselect" token="orgTkn" searchWhenChanged="true">
<label>Organization</label>
<choice value="*">All</choice>
<default>*</default>
<initialValue>*</initialValue>
<valuePrefix>"</valuePrefix>
<valueSuffix>"</valueSuffix>
<delimiter>,</delimiter>
<fieldForLabel>organization</fieldForLabel>
<fieldForValue>organization</fieldForValue>
<search base="baseSearch">
<query>| dedup organization | table organization</query>
</search>
</input>
<input type="multiselect" token="repoTkn" searchWhenChanged="true">
<label>Repositories</label>
<choice value="*">All</choice>
<default>*</default>
<initialValue>*</initialValue>
<valuePrefix>"</valuePrefix>
<valueSuffix>"</valueSuffix>
<delimiter>,</delimiter>
<fieldForLabel>repository</fieldForLabel>
<fieldForValue>repository</fieldForValue>
<search base="baseSearch">
<query>| dedup repository | table repository</query>
</search>
</input>
</fieldset>
<row>
<panel>
<single>
<title>Found Secrets</title>
<search base="baseSearch">
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="created" | stats count</query>
</search>
<option name="drilldown">none</option>
<option name="height">150</option>
<option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
<panel>
<single>
<title>Fixed Secrets</title>
<search base="baseSearch">
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="resolved" | stats count</query>
</search>
<option name="drilldown">none</option>
<option name="height">150</option>
<option name="refresh.display">progressbar</option>
</single>
</panel>
<panel>
<chart>
<title>Secret Types</title>
<search base="baseSearch">
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | chart count by secret_type</query>
</search>
<option name="charting.chart">pie</option>
<option name="charting.drilldown">none</option>
<option name="height">175</option>
</chart>
</panel>
<panel>
<chart>
<title>Secrets Found/Fixed Ratio</title>
<search base="baseSearch">
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ (action=created OR action=resolved)
| timechart count(_raw) by action
| accum created
| accum resolved
| rename created as "Found"
| rename resolved as "Fixed"</query>
</search>
<option name="charting.axisTitleX.visibility">collapsed</option>
<option name="charting.chart">line</option>
<option name="charting.drilldown">none</option>
<option name="refresh.display">progressbar</option>
<option name="height">175</option>
</chart>
</panel>
</row>
<row>
<panel>
<table>
<title>Fixed Secrets</title>
<search base="baseSearch">
<query> | search action=resolved repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, resolution, resolved_by, _time
| rename secret_type as "Secret Type"
| rename organization as "Organization"
| rename repository as "Repository"
| rename resolution as "Resolution"
| rename resolved_by as "Resolved By"
</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
<row>
<panel>
<table>
<title>Found Secrets</title>
<search base="baseSearch">
<query> | search action=created repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, action, _time
| rename secret_type as "Secret Type"
| rename organization as "Organization"
| rename repository as "Repository"
| rename action as "Action"
</query>
</search>
<option name="drilldown">none</option>
</table>
</panel>
</row>
</form>
3 changes: 2 additions & 1 deletion github_app_for_splunk/default/data/ui/views/welcome_page.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,8 @@
Open Source repositories and customers of GitHub Advanced Security have access to application security tooling such as Code Scanning, Secret Scanning, and Dependency Review.
<ol>
<li>The <a href="security_alert_overview"> Advanced Security Overview</a> dashboard gives insight into the security posture of your GitHub Organization</li>
<li>The <a href="code_scanning_overview"> Code Scanning</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
<li>The <a href="code_scanning_overview"> Code Scanning Alerts</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
<li>The <a href="secret_scanning_overview"> Secret Scanning Alerts</a> dashboard provides visibility into secrets like API keys and personal access tokens that have been checked into your repositories</li>
</ol>
</p>
</div>
Expand Down
5 changes: 4 additions & 1 deletion github_app_for_splunk/default/eventtypes.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ search = `github_webhooks` action IN ("submitted","edited","dismissed") pull_req
search = `github_webhooks` after=* before=* "commits{}.id"=* ref=* "pusher.name"=*

[GitHub::Repo]
search = `github_webhooks` action IN ("created","deleted","archived","unarchived","edited","renamed","transferred","publicized","privatized") "repository.name"=* NOT "pull_request.id"=* NOT "project_card.id"=* NOT "project.number"=* NOT "project_column.id"=* NOT "check_run.id"=*
search = `github_webhooks` action IN ("created","deleted","archived","unarchived","edited","renamed","transferred","publicized","privatized") "repository.name"=* NOT "pull_request.id"=* NOT "project_card.id"=* NOT "project.number"=* NOT "project_column.id"=* NOT "check_run.id"=* NOT "alert.created_at"=* NOT "alert.number"=*

[GitHub::Project]
search = `github_webhooks` action IN ("created","edited","closed","reopenend","deleted") "project.number"=*
Expand All @@ -31,6 +31,9 @@ search = `github_webhooks` action IN ("queued","created","started","completed")
[GitHub::CodeScanning]
search = `github_webhooks` action IN ("appeared_in_branch", "closed_by_user", "created", "fixed", "reopened", "reopened_by_user") "alert.created_at"=*

[GitHub::SecretScanning]
search = `github_webhooks` action IN ("created", "resolved") "alert.secret_type"=*

[GitHub::VulnerabilityAlert]
search = `github_webhooks` action IN ("create", "dismiss", "resolve") "alert.external_identifier"=*

Expand Down