v0.42.1

v0.42.1 (2024-07-08)

Fix

• fix: created mock to override file open (#580)

This PR mocks the builtins.open for the
test_that_update_with_new_pattern_succeeds test so that the test doesn't
open and modify the actual secureli.yaml file in the repository

Tested that all tests still pass and that the secureli file is no longer
modified after running tests

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

Co-authored-by: Ian Bowden <ian.bowden@slalom> (525a738)

v0.42.0

v0.42.0 (2024-06-27)

Chore

• chore: updatehooks skips updated repos that aren't out of date by default (#575)

This PR adds a new argument to the updatehooks function named
force_update which is set to False by default. if force_update is false,
then we won't download/install the repo unless it is out of date. If
force_update is True, then we'd download and install the latest repo
version irrespective of the currently installed version.

There is currently no code (outside of unit tests) that's passing True
for the force_update argument.

Changes

<!-- A detailed list of changes -->
*

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->
*

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

---

Co-authored-by: Ian Bowden <ian.bowden@slalom> (88b3d99)

Feature

• feat: Added Exit codes and updated unit tests #547 (#548)

secureli-375
#375

<!-- Include general description here -->
Added Additional Exit Codes based on error types as discussed. Passing
exitCode to the ScanFailure class

Changes

<!-- A detailed list of changes -->

• Added Exit Codes
• Updated ScanFailure
• Updated Unit Tests
• Verified no additional errors

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->
*

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

---

Co-authored-by: Ian Bowden <ian.bowden@slalom> (c1b55b3)

v0.41.1

v0.41.1 (2024-06-20)

Chore

• chore: refactored to use common git file repository class (#568)

secureli-XXX

This PR refactors GitRepo and RepoFilesRepository classes into a common
GitRepo class which is an implementation of a new abstract class
VersionControlRepoAbstraction. VersionControlRepoAbstraction replaces
the RepoAbstraction class.

Changes

<!-- A detailed list of changes -->
*

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->
*

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

---

Co-authored-by: Ian Bowden <ian.bowden@slalom> (7707615)

Fix

• fix: Precommit config overwritten on init (#572)

secureli-570

An existing precommit config file will be overwritten when running
secureli init.

I've added a flag to the init action to prevent overwriting the config--
`secureli init --preserve-precommit-config'

Changes

• Added --preserve-precommit-config parameter to init action

Testing

• Added copy of existing test with the flag added

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (f818123)

v0.41.0

v0.41.0 (2024-06-14)

Documentation

• docs: added windows set up documentation (#566)

secureli-XXX

This change adds the setup steps for contributors using windows machines

Changes

Added windows developer configuration information to contributing.md

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->
*

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

Co-authored-by: Ian Bowden <ian.bowden@slalom> (730fe09)

• docs: Feature/secureli 488 update documentation with new features (#563)

secureli-488

Updating documentation for various features

Note this is branched off
feature/secureli-397-document-config-file-usage, as that hasn't yet
been merged and adds table of contents to the markdown files which
needed to be updated as part of this.

Changes

• Updated docstrings to provide hints about function parameters which
  hadn't been documented when they were added
• Added info to README.md on some features
• Moved language support information from CONTRIBUTING.md to
  README.md

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (46855c9)

• docs: Added info on repo-config.yaml and tables of contents (#562)

secureli-397

Issue was for adding documentation about config files. There wasn't much
more that needed to be added in that regard. I also added tables of
contents to README.md and CONTRIBUTING.md. The tables of contents
were generated with the VSCode plugin Markdown All in
One.

Changes

• Added section describing the nature of repo-config.yaml
• Added tables of contents to README.md and CONTRIBUTING.md

Testing

• n/a

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (587deec)

• docs: secureli 540 update documentation (#560)

secureli-540

This ticket was about a problem with configuring the pre-commit library.
I determined that the issue was due to misconfiguration by the user, and
the solution we settled on was to add documentation about how to specify
args in the pre-commit library's configuration file.

Additionally, I updated headings throughout the file. Previously there
were multiple H1s, and the License section was nested underneath the
Configuration section. I've updated it so that there is only a single H1
heading--the title of the document--and the License section is now a
sibling of configuration instead of a child.

Changes

• Updated headings throughout the file
• Added information and links for the pre-commit library
• Added information about a quirk of how pre-commit handles parameters
  that take arguments

Testing

• All changes are in documentation; no testing required or possible

Clean Code Checklist

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included (b48109c)

Feature

• feat: Added functionality to specify a custom scan when using the scan command (#565)

secureli-XXX

<!-- Include general description here -->

Changes

This PR improves the scan action by adding new functionality allowing
users to specify a custom scan id instead of only being able to specify
pre-commit hook ids. For example, you can now do secureli scan -t check-pii to run the pii scan.

A new service was introduced, CustomScannersService to help orchestrate
which custom scans should be run. Either a specific scan if an Id is
specified, all custom scans if no id is specified, or a None result is
returned if the specified id doesn't match a value in the new
CustomScanId enum. 

There was also some refactoring done.
modules/core/core_services/scanner.py is now
modules/core/core_services/hook_scanner.py to more accurately
describe its function. The pii scanner and custom_regex_scanner
directories have been moved into a new directory;
secureli/modules/custom_scanners/

Testing

Added unit tests and performed manual testing to confirm that pre-commit
hooks can be specified, custom scans can be specified, and when no id is
specified, then all scans are done

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

---

Co-authored-by: Ian Bowden <ian.bowden@slalom> (385803d)

Unknown

• Feature/secureli 460 custom regex (#564)

secureli-460

Adds new new-pattern parameter to secureli update and updates
secureli scan to check for custom regex

Changes

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->

• run secureli update --new-pattern <custom-regex-pattern>
• verify that your custom regex pattern was added to .secureli.yaml
• modify any file (other than .secureli.yaml) to include text that
  matches your custom regex
• stage the changes
• run secureli scan and verify the scan fails
• revert the changes and run secureli scan and verify the scan passes

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• [ x Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

---

Co-authored-by: Rachel Teal <[email protected]> (1917cca)

v0.40.0

v0.40.0 (2024-06-04)

Feature

• feat: Ignored file extensions can now be configured in the PII scanner (#559)

secureli-558

I'm on a Go project, and need the ability to add additional file
extensions, as the default set doesn't include them. Within the project,
go.mod and go.sum were including entries that appeared to be phone
numbers. There was no way to configure PII Scanner to ignore these
files, as any practical contents of these files would not be PII.

Rather than simply add them to the growing set of excluded extensions, I
thought I would make the set configurable.

As the set contains language-agnostic files, I also elected NOT to
include the go-specific files in that set.

A good follow-up work would be to also lay out, and selectively
activate, additional extensions to ignore based on the languages
configured in the repo.

Changes

<!-- A detailed list of changes -->

• pii_scanner is added to the .secureli-config.yaml file structure
• within that, ignored_extensions is a list of extensions that can be
  added to the default set
• PII scanner will now ignore all files in its default set of excluded
  files, as well as anything provided in the PII-scanner's specific
  config.

Testing

I tested with a repo containing only some go-based package files
(specifically go.mod and go.sum), which were appearing to the PII
scanner to contain phone numbers.

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue (n/a)
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (482cd57)

v0.39.0

v0.39.0 (2024-06-03)

Feature

• feat: Feature/secureli 494 refactor action.py (#556)

secureli-494

Changes

<!-- A detailed list of changes -->

• creates _update_config helper function to be used in
  verify_install
• creates _pre_install_checks helper function to be used in
  _install_secureli

Testing

• no additional tests, existing tests pass

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (9620692)

v0.38.0

v0.38.0 (2024-05-10)

Feature

• feat: Prompted to ReInstall When Running on Branch (#545)

secureli-537

<!-- Include general description here -->
Fixed bug that says "seCureLI is installed and up-to-date for the
following language(s)", even though seCureLI is not initialized
completely in that branch. This is an edge case where seCureLI has been
installed on one branch, but not on the other branch in the same
directory due to seCureLI artifacts that are git ignored.

Changes

<!-- A detailed list of changes -->

• Added messaging and stop of secureli process when this edge case
  occurs.
• Updated detect-secret hook version

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->

• Added required tests
• All existing tests are passing

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (22bbc35)

v0.37.0

v0.37.0 (2024-04-26)

Feature

• feat: Update template file hook before running initial scan (#521)

secureli-433

<!-- Include general description here -->
Update template file hook before running initial scan, not after

Changes

<!-- A detailed list of changes -->

• Update template file hook before running initial scan
• Added logging to action dependencies
• Cleaned up update progress output (pre-commit gc not accepting
  --config flag)
• Cleaned up container dependency injection
• Updated test to get rid of warnings in terminal
• Updated hooks versions

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->

• Added required unit test
• Updated existing unit tests and all passing

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (40651fa)

v0.36.0

v0.36.0 (2024-04-26)

Feature

• feat: tests for language detection (#532)

secureli-XXX

<!-- Include general description here -->

Changes

<!-- A detailed list of changes -->
*

Testing

<!--
Mention updated tests and any manual testing performed.
Are aspects not yet tested or not easily testable?
Feel free to include screenshots if appropriate.
-->
*

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
-->

---

Co-authored-by: isaac-heist-slalom <[email protected]> (454ec28)

v0.35.1

v0.35.1 (2024-04-24)

Chore

• chore: pip: Bump identify from 2.5.35 to 2.5.36 (#527)

Bumps identify from 2.5.35 to
2.5.36.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="pre-commit/identify@838a48983fdf6c630ad54404abeed2ca3df0f8c8&#34;&gt;&lt;code&gt;838a489&lt;/code&gt;&lt;/a>
v2.5.36</li>
<li><a
href="pre-commit/identify@dab738cced03c3f30d249deea1ac61ec43552a8f&#34;&gt;&lt;code&gt;dab738c&lt;/code&gt;&lt;/a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/identify/issues/455&#34;&gt;#455&lt;/a>
from jalaziz/rust-cargo-tags</li>
<li><a
href="pre-commit/identify@c0083af7ab5b973f2adf75d9798efda859ed4223&#34;&gt;&lt;code&gt;c0083af&lt;/code&gt;&lt;/a>
Identify Cargo.toml and Cargo.lock as cargo and cargo-lock</li>
<li><a
href="pre-commit/identify@80f21075936bd3d063d720ae032a39eb6ec9456f&#34;&gt;&lt;code&gt;80f2107&lt;/code&gt;&lt;/a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/identify/issues/452&#34;&gt;#452&lt;/a>
from pre-commit/pre-commit-ci-update-config</li>
<li><a
href="pre-commit/identify@73dcf7d0000a02ae985418cd25ae6296c8c2d4ac&#34;&gt;&lt;code&gt;73dcf7d&lt;/code&gt;&lt;/a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="pre-commit/identify@f6fb929da62ceaa94dbe1a1cd98236eaa5af1b23&#34;&gt;&lt;code&gt;f6fb929&lt;/code&gt;&lt;/a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/identify/issues/449&#34;&gt;#449&lt;/a>
from pre-commit/pre-commit-ci-update-config</li>
<li><a
href="pre-commit/identify@49e2b0939cd463f5fb5555452040950d1f6c9b3f&#34;&gt;&lt;code&gt;49e2b09&lt;/code&gt;&lt;/a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="pre-commit/identify@21189f2f8262db7e521230c2d693d7c08f516c3f&#34;&gt;&lt;code&gt;21189f2&lt;/code&gt;&lt;/a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/identify/issues/448&#34;&gt;#448&lt;/a>
from pre-commit/pre-commit-ci-update-config</li>
<li><a
href="pre-commit/identify@f58318102290824225055fd436ce17b69df39643&#34;&gt;&lt;code&gt;f583181&lt;/code&gt;&lt;/a>
[pre-commit.ci] pre-commit autoupdate</li>
<li><a
href="pre-commit/identify@1397916cbb6926c63422b07f2750a3da4d4a4154&#34;&gt;&lt;code&gt;1397916&lt;/code&gt;&lt;/a>
Merge pull request <a
href="https://redirect.github.com/pre-commit/identify/issues/447&#34;&gt;#447&lt;/a>
from pre-commit/pre-commit-ci-update-config</li>
<li>Additional commits viewable in <a
href="pre-commit/identify@v2.5.35...v2.5.36&#34;&gt;compare
view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits
  that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after
  your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
  and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating
  it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all
  of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop
  Dependabot creating any more for this major version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop
  Dependabot creating any more for this minor version (unless you reopen
  the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop
  Dependabot creating any more for this dependency (unless you reopen the
  PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (5863744)

• chore: change workflow name (#525)

secureli-437

Changes the name of the integration test workflow to smoke test.
According to the issue raised on stack overflow
here,
and the github documentation
here,
the old integration test workflow history should remain. Workflow runs
must be deleted manually, and renaming the files should create a new
workflow.

If the Integration Test workflow is still active after this PR is
merged, it should be disabled. How to disable a
workflow

Changes

• Rename .github/workflows/integration_testing.yml to
  .github/workflows/smoke_testing.yml
• Updated workflow name to Smoke Testing
• Updated job name and file reference to Smoke Testing in
  .github/workflows/publish.yml

Testing

• Not sure how to test, since this workflow will only run on main and be
  created when this PR is merged.

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included

<!--
Github-flavored markdown reference:
https://docs.github.com/en/get-started/writing-on-github
--> (be4a1af)

Fix

• fix: add GitPython to dependencies list (#530)

secureli-526

Add the GitPython package to our list of dependencies so that Poetry
adds it on install.

Changes

• add gitpython to pyproject.toml
• regenerated lock file with updated gitpython version
• poetry install also made some updates to the extra optional
  dependencies in the lock file

Testing

Ran Secureli init after a clean install, it passed

<img width="1101" alt="Screenshot 2024-04-23 at 3 44 54 PM"
src="https://github.com/slalombuild/secureli/assets/85907688/66d99d89-679e-4427-8d26-f6392b188484&#34;>

Ran Poe Tests
<img width="781" alt="Screenshot 2024-04-23 at 3 45 29 PM"
src="https://github.com/slalombuild/secureli/assets/85907688/cb7b7f0d-919f-4291-be2f-2fb9cc2f1da9&#34;>

Clean Code Checklist

<!-- This is here to support you. Some/most checkboxes may not apply to
your change -->

• Meets acceptance criteria for issue
• New logic is covered with automated tests
• Appropriate exception handling added
• Thoughtful logging included
• Documentation is updated
• Follow-up work is documented in TODOs
• TODOs have a ticket associated with them
• No commented-out code included (ac354ba)