Specifically, I created a `file_with_secret.json` file in the root of the project:

```
token=12312312345645456
password=adminadmin
```

I built the Docker image without any problems:
```dockerfile
ARG DEEPSECRETS_VERSION=1.4.0
ARG ALPINE_VERSION=3.22
ARG PYTHON_VERSION=3.13.5
ARG PYTHON_TAG=${PYTHON_VERSION}-alpine${ALPINE_VERSION}
FROM --platform=linux/amd64 python:${PYTHON_TAG}
ARG DEEPSECRETS_VERSION
ENV DEEPSECRETS_VERSION=${DEEPSECRETS_VERSION}
RUN apk update \
    && apk upgrade \
    && apk add git \
    && pip install "deepsecrets==${DEEPSECRETS_VERSION}"
CMD [ "/bin/ash" ]
```
```sh
docker run --rm -v ${PWD}:/myapp -t deepsecrets:v1.4.0 deepsecrets --target-dir /myapp --outformat dojo-sarif --outfile /myapp/deepsecrets.sarif
```

Output of container logs:
```text
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
================================= DeepSecrets ==================================
╭─ A better tool for Secret Scanning─╮
│____________________________________│
╰────────── version 1.4.0 ───────────╯
⚠ Process count was not specified. Setting it to 10 based on the machine's CPU
config
============= Planning a scan against /myapp using 10 process(es) ==============
[*] Looking for applicable files...
[*] Found 9 applicable files for the scan
—————————————————————————————— Starting analysis ———————————————————————————————
⠋ OVERALL PROGRESS RAW FINDINGS (BEFORE FILTERING): 0 ━━━━━━━━━━━━━ 0% -:--:--WARNING: Token 'APPLICATION' defined, but not used
WARNING: Token 'ATTR' defined, but not used
WARNING: Token 'COMPONENT' defined, but not used
WARNING: Token 'CONSUMES' defined, but not used
WARNING: Token 'IN' defined, but not used
WARNING: Token 'PRODUCES' defined, but not used
WARNING: Token 'REGEXP' defined, but not used
WARNING: There are 7 unused tokens
OVERALL PROGRESS RAW FINDINGS (BEFORE FILTERING): 0 ━━━━━━━━━━━━━ 100% 0:00:00
[*] Merging similar findings..
[*] Filtering predefined false Findings..
Scanning finished successfully
==================================== REPORT ====================================
──────────────────────────────────────────────────────────────────────────────
Files (Tokens) Processed 9 (783)
Elapsed 2.2s
Potential Findings 0
Report Location /myapp/deepsecrets.sarif
──────────────────────────────────────────────────────────────────────────────
Any missed secret or massive false positive rate is potentially a bug
So feel free to report bugs and difficulties here
https://github.com/ntoskernel/deepsecrets/issues
FINISHED
```
The output shows that no secrets have been discovered.
```json
{
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "DeepSecrets",
          "rules": [],
          "informationUri": "https://github.com/ntoskernel/deepsecrets",
          "semanticVersion": "1.4.0"
        }
      },
      "results": []
    }
  ],
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0.json"
}
```
I then renamed the file with the txt extension. It didn't change anything. The secrets never came to light.
```sh
docker run --rm -v ${PWD}:/myapp -t deepsecrets:v1.4.0 ls -la /myapp
```

```text
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
total 52
drwxr-xr-x 16 root root 512 Jun 4 09:04 .
drwxr-xr-x 1 root root 4096 Jun 4 09:11 ..
drwxr-xr-x 12 root root 384 Jun 4 08:37 .git
-rw-r--r-- 1 root root 892 Jun 4 08:37 .gitlab-ci.yml
-rw-r--r-- 1 root root 122 Jun 4 08:37 .gitmodules
-rw-r--r-- 1 root root 5 Jun 4 08:42 .python-version
drwxr-xr-x 8 root root 256 Jun 4 08:42 .venv
-rw-r--r-- 1 root root 498 Jun 4 08:45 Dockerfile
-rw-r--r-- 1 root root 6196 Jun 4 08:37 README.md
-rw-r--r-- 1 root root 356 Jun 4 09:04 deepsecrets.sarif
-rw-r--r-- 1 root root 44 Jun 4 08:37 file_with_secret.txt
-rw-r--r-- 1 root root 88 Jun 4 08:42 main.py
-rw-r--r-- 1 root root 156 Jun 4 08:43 pyproject.toml
drwxr-xr-x 2 root root 64 Jun 4 08:37 shared_modules
-rw-r--r-- 1 root root 590 Jun 4 08:40 trivy_reports.sarif
-rw-r--r-- 1 root root 130 Jun 4 08:46 uv.lock
```
```sh
docker run --rm -v ${PWD}:/myapp -t deepsecrets:v1.4.0 cat /myapp/file_with_secret.txt
```

```text
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
token=12312312345645456
password=adminadmin
```
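
A report with `"results": []` for a file that was planted with known secrets, as in the issue above, can be caught automatically with a canary check over the SARIF output. The following is an added example, not part of the original issue or of DeepSecrets: the function names `flagged_files` and `missed_canaries` and the second sample report are constructed for illustration, and files are matched by base name as a simplifying assumption.

```python
import json
from pathlib import PurePosixPath

# Report from the issue above, trimmed to the fields this check reads.
EMPTY_REPORT = json.loads("""
{"runs": [{"tool": {"driver": {"name": "DeepSecrets", "rules": [],
 "semanticVersion": "1.4.0"}}, "results": []}], "version": "2.1.0"}
""")

# Constructed sample: a SARIF 2.1.0 report with one finding on the canary.
# Tool name, ruleId and message are placeholders, not real scanner output.
CONSTRUCTED_REPORT = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleScanner"}},
        "results": [{
            "ruleId": "EXAMPLE-RULE",
            "message": {"text": "constructed finding"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "file:///myapp/file_with_secret.txt"},
                "region": {"startLine": 2}}}],
        }],
    }],
}


def flagged_files(sarif):
    """Return the base names of every file that has at least one SARIF result."""
    names = set()
    for run in sarif.get("runs", []):
        for result in run.get("results") or []:
            for loc in result.get("locations") or []:
                uri = (loc.get("physicalLocation", {})
                          .get("artifactLocation", {})
                          .get("uri", ""))
                if uri:
                    # URIs may be relative paths or file:// URLs; compare by name.
                    names.add(PurePosixPath(uri.split("://", 1)[-1]).name)
    return names


def missed_canaries(sarif, canaries):
    """Return planted canary files the scanner did not flag (empty list = pass)."""
    flagged = flagged_files(sarif)
    return sorted(c for c in canaries if PurePosixPath(c).name not in flagged)


if __name__ == "__main__":
    print(missed_canaries(EMPTY_REPORT, ["file_with_secret.txt"]))
```

In a CI job, a non-empty return value from `missed_canaries` would fail the pipeline, so a scanner that silently finds nothing is noticed before it is trusted on real code.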