This is a quick blog on how we can use the TruffleHog utility in our Jenkins pipeline to search for secrets, passwords, and sensitive keys that may have been accidentally committed to our repositories.
TruffleHog proves to be a great tool for finding sensitive data in our repositories that we do not want to expose at any cost.
Before moving further with this blog, I would like you all to take a look at the prerequisites that are mentioned below.
In simple words, SonarQube is an open-source tool for continuous inspection of code quality. It performs static code analysis and provides a detailed report of bugs, code smells, vulnerabilities, and code duplications.
SonarQube integration with Azure DevOps
We can use the built-in Azure DevOps tasks for SonarQube, which help us incorporate this tool into our CI/CD pipelines. We will learn that with a use case.
Azure Logic Apps is the PaaS (Platform as a Service) offering from Microsoft Azure. Logic Apps helps us to define workflows and build powerful solutions with the help of connectors, triggers, and actions.
– Basic understanding of a cloud platform and SQL queries.