\u062a\u0633\u0631\u064a\u0628 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0641\u064a \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD \u0647\u0648 \u0627\u0644\u0633\u0628\u0628 \u0627\u0644\u0623\u0648\u0644 \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628. \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0645\u0643\u0634\u0648\u0641\u0629 \u2014 \u0645\u0641\u0627\u062a\u064a\u062d API\u060c \u0648\u0643\u0644\u0645\u0627\u062a \u0645\u0631\u0648\u0631 \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a\u060c \u0648\u0631\u0645\u0648\u0632 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0633\u062d\u0627\u0628\u0629 \u2014 \u062a\u0645\u0646\u062d \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0645\u0633\u0627\u0631\u0627\u064b \u0645\u0628\u0627\u0634\u0631\u0627\u064b \u0625\u0644\u0649 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0625\u0646\u062a\u0627\u062c. \u0648\u0641\u0642\u0627\u064b \u0644\u062a\u0642\u0631\u064a\u0631 GitGuardian \u0644\u0639\u0627\u0645 2025 \u062d\u0648\u0644 \u062d\u0627\u0644\u0629 \u0627\u0646\u062a\u0634\u0627\u0631 \u0627\u0644\u0623\u0633\u0631\u0627\u0631\u060c \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0623\u0643\u062b\u0631 \u0645\u0646 12 \u0645\u0644\u064a\u0648\u0646 \u0633\u0631 \u062c\u062f\u064a\u062f \u0641\u064a \u0639\u0645\u0644\u064a\u0627\u062a commit \u0627\u0644\u0639\u0627\u0645\u0629 \u0639\u0644\u0649 GitHub \u0641\u064a \u0639\u0627\u0645 \u0648\u0627\u062d\u062f.<\/p>\n
\u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0644\u064a\u0633\u062a \u0623\u0646 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0645\u0647\u0645\u0644\u0648\u0646. \u0628\u0644 \u0625\u0646 \u062a\u0633\u0644\u064a\u0645 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062d\u062f\u064a\u062b \u064a\u062a\u0636\u0645\u0646 \u0639\u0634\u0631\u0627\u062a \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0625\u0639\u062f\u0627\u062f \u0648\u0645\u062a\u063a\u064a\u0631\u0627\u062a \u0627\u0644\u0628\u064a\u0626\u0629 \u0648\u0646\u0642\u0627\u0637 \u0627\u0644\u062a\u0643\u0627\u0645\u0644 \u062d\u064a\u062b \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0646\u062a\u0647\u064a \u0627\u0644\u0623\u0645\u0631 \u0628\u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0644\u062e\u0637\u0623 \u0641\u064a \u0627\u0644\u062a\u062d\u0643\u0645 \u0628\u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a. \u0645\u0641\u062a\u0627\u062d AWS \u0648\u0627\u062d\u062f \u0645\u0633\u0631\u0651\u0628 \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u0643\u0644\u0641 \u0627\u0644\u0645\u0624\u0633\u0633\u0629 \u0639\u0634\u0631\u0627\u062a \u0627\u0644\u0622\u0644\u0627\u0641 \u0645\u0646 \u0627\u0644\u062f\u0648\u0644\u0627\u0631\u0627\u062a \u0641\u064a \u062f\u0642\u0627\u0626\u0642.<\/p>\n
\u064a\u0631\u0634\u062f\u0643 \u0647\u0630\u0627 \u0627\u0644\u0645\u062e\u062a\u0628\u0631 \u0627\u0644\u0639\u0645\u0644\u064a \u062e\u0644\u0627\u0644 \u0625\u0639\u062f\u0627\u062f \u0627\u0633\u062a\u0631\u0627\u062a\u064a\u062c\u064a\u0629 \u0643\u0634\u0641 \u0623\u0633\u0631\u0627\u0631 \u0645\u062a\u0639\u062f\u062f\u0629 \u0627\u0644\u0637\u0628\u0642\u0627\u062a \u062a\u063a\u0637\u064a \u062b\u0644\u0627\u062b \u0646\u0642\u0627\u0637 \u062a\u0641\u062a\u064a\u0634 \u062d\u0631\u062c\u0629:<\/p>\n
\u0628\u0646\u0647\u0627\u064a\u0629 \u0647\u0630\u0627 \u0627\u0644\u0645\u062e\u062a\u0628\u0631\u060c \u0633\u064a\u0643\u0648\u0646 \u0644\u062f\u064a\u0643 \u0625\u0639\u062f\u0627\u062f \u062f\u0641\u0627\u0639 \u0645\u062a\u0639\u0645\u0642 \u064a\u0639\u0645\u0644 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 gitleaks \u0648truffleHog \u0648GitHub secret scanning \u0648\u0642\u0648\u0627\u0639\u062f \u0643\u0634\u0641 \u0645\u062e\u0635\u0635\u0629.<\/p>\n
\u0642\u0628\u0644 \u0627\u0644\u0628\u062f\u0621\u060c \u062a\u0623\u0643\u062f \u0645\u0646 \u062a\u0648\u0641\u0631 \u0645\u0627 \u064a\u0644\u064a:<\/p>\n
pip<\/code>.<\/li>\n- Docker<\/strong> (\u0627\u062e\u062a\u064a\u0627\u0631\u064a\u060c \u0644\u0643\u0646 \u064a\u064f\u0648\u0635\u0649 \u0628\u0647 \u0644\u0644\u0641\u062d\u0635 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a).<\/li>\n
- \u062d\u0633\u0627\u0628 GitHub<\/strong> \u0645\u0639 \u0635\u0644\u0627\u062d\u064a\u0629 \u0625\u0646\u0634\u0627\u0621 \u0645\u0633\u062a\u0648\u062f\u0639\u0627\u062a (\u0645\u0637\u0644\u0648\u0628 \u0644\u062a\u0645\u0631\u064a\u0646 GitHub secret scanning).<\/li>\n
- \u0637\u0631\u0641\u064a\u0629<\/strong> (macOS \u0623\u0648 Linux \u0623\u0648 WSL \u0639\u0644\u0649 Windows).<\/li>\n<\/ul>\n
\u0644\u0627 \u062d\u0627\u062c\u0629 \u0644\u0623\u0633\u0631\u0627\u0631 \u062d\u0642\u064a\u0642\u064a\u0629 \u0623\u0648 \u062d\u0633\u0627\u0628\u0627\u062a \u0633\u062d\u0627\u0628\u064a\u0629. \u0633\u0646\u0633\u062a\u062e\u062f\u0645 \u0623\u0633\u0631\u0627\u0631\u0627\u064b \u0627\u062e\u062a\u0628\u0627\u0631\u064a\u0629 \u0645\u0632\u0631\u0648\u0639\u0629 \u0639\u0645\u062f\u0627\u064b \u0637\u0648\u0627\u0644 \u0647\u0630\u0627 \u0627\u0644\u0645\u062e\u062a\u0628\u0631.<\/p>\n
\u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0628\u064a\u0626\u0629<\/h2>\n\u0627\u0644\u062e\u0637\u0648\u0629 1: \u0625\u0646\u0634\u0627\u0621 \u0645\u0633\u062a\u0648\u062f\u0639 \u0627\u062e\u062a\u0628\u0627\u0631\u064a<\/h3>\n
\u0627\u0628\u062f\u0623 \u0628\u0625\u0646\u0634\u0627\u0621 \u0645\u0633\u062a\u0648\u062f\u0639 Git \u062c\u062f\u064a\u062f \u0633\u0646\u0633\u062a\u062e\u062f\u0645\u0647 \u0641\u064a \u062c\u0645\u064a\u0639 \u0627\u0644\u062a\u0645\u0627\u0631\u064a\u0646:<\/p>\n
mkdir secret-leak-lab && cd secret-leak-lab\ngit init\necho \"# Secret Leak Detection Lab\" > README.md\ngit add README.md\ngit commit -m \"Initial commit\"<\/code><\/pre>\n\u0627\u0644\u062e\u0637\u0648\u0629 2: \u0632\u0631\u0639 \u0623\u0633\u0631\u0627\u0631 \u0627\u062e\u062a\u0628\u0627\u0631\u064a\u0629<\/h3>\n
\u0646\u062d\u062a\u0627\u062c \u0625\u0644\u0649 \u0623\u0633\u0631\u0627\u0631 \u0648\u0627\u0642\u0639\u064a\u0629 (\u0644\u0643\u0646\u0647\u0627 \u0645\u0632\u064a\u0641\u0629) \u0641\u064a \u0645\u0648\u0627\u0642\u0639 \u0645\u062e\u062a\u0644\u0641\u0629 \u0644\u0645\u062d\u0627\u0643\u0627\u0629 \u0633\u064a\u0646\u0627\u0631\u064a\u0648 \u0648\u0627\u0642\u0639\u064a. \u0623\u0646\u0634\u0626 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:<\/p>\n
\u0645\u0644\u0641 .env<\/code> \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a:<\/strong><\/p>\ncat > .env <<'EOF'\nDB_HOST=localhost\nDB_PORT=5432\nDB_USER=admin\nDB_PASSWORD=SuperSecret123!\nDB_NAME=production_db\nSECRET_KEY=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6\nEOF<\/code><\/pre>\n\u0633\u0643\u0631\u064a\u0628\u062a Python \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0645\u0641\u062a\u0627\u062d AWS \u0645\u0636\u0645\u0651\u0646 \u0641\u064a \u0627\u0644\u0643\u0648\u062f:<\/strong><\/p>\ncat > deploy.py <<'EOF'\nimport boto3\n\n# WARNING: These are intentionally fake credentials for testing\nAWS_ACCESS_KEY_ID = \"AKIAIOSFODNN7EXAMPLE\"\nAWS_SECRET_ACCESS_KEY = \"wJalrXUtnFEMI\/K7MDENG\/bPxRfiCYEXAMPLEKEY\"\n\ndef deploy_to_s3(bucket, file_path):\n s3 = boto3.client(\n 's3',\n aws_access_key_id=AWS_ACCESS_KEY_ID,\n aws_secret_access_key=AWS_SECRET_ACCESS_KEY\n )\n s3.upload_file(file_path, bucket, file_path)\n print(f\"Deployed {file_path} to s3:\/\/{bucket}\")\n\nif __name__ == \"__main__\":\n deploy_to_s3(\"my-app-bucket\", \"dist\/app.zip\")\nEOF<\/code><\/pre>\n\u0645\u0644\u0641 YAML \u0644\u0644\u0625\u0639\u062f\u0627\u062f \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u0644\u0633\u0644\u0629 \u0627\u062a\u0635\u0627\u0644 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a:<\/strong><\/p>\ncat > config.yml <<'EOF'\napp:\n name: my-application\n environment: production\n\ndatabase:\n url: \"postgresql:\/\/admin:SuperSecret123!@db.example.com:5432\/prod\"\n pool_size: 10\n\nredis:\n url: \"redis:\/\/:MyRedisPassword@cache.example.com:6379\/0\"\nEOF<\/code><\/pre>\n\u0645\u0644\u0641 Dockerfile \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0645\u0641\u062a\u0627\u062d API \u0641\u064a \u062a\u0639\u0644\u064a\u0645\u0629 ENV:<\/strong><\/p>\ncat > Dockerfile <<'EOF'\nFROM python:3.11-slim\n\nWORKDIR \/app\nCOPY requirements.txt .\nRUN pip install -r requirements.txt\n\n# WARNING: Never do this in production\nENV API_KEY=sk-proj-abc123def456ghi789jkl012mno345pqr678stu901vwx234\nENV STRIPE_SECRET_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dc\n\nCOPY . .\nCMD [\"python\", \"app.py\"]\nEOF<\/code><\/pre>\n\u0627\u0644\u062e\u0637\u0648\u0629 3: \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u062d\u0627\u0644\u0629 “\u0642\u0628\u0644”<\/h3>\n
\u0641\u064a \u0647\u0630\u0647 \u0627\u0644\u0645\u0631\u062d\u0644\u0629\u060c \u0644\u0627 \u0634\u064a\u0621 \u064a\u0645\u0646\u0639 \u0647\u0630\u0647 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0645\u0646 \u0623\u0646 \u064a\u062a\u0645 \u0639\u0645\u0644 commit \u0644\u0647\u0627:<\/p>\n
git add -A\ngit status<\/code><\/pre>\n\u064a\u0642\u0648\u0645 Git \u0628\u062a\u062c\u0647\u064a\u0632 \u0643\u0644 \u0634\u064a\u0621 \u0628\u0633\u0639\u0627\u062f\u0629\u060c \u0628\u0645\u0627 \u0641\u064a \u0630\u0644\u0643 \u0627\u0644\u0623\u0633\u0631\u0627\u0631. \u0644\u0627 \u062a\u0648\u062c\u062f hooks\u060c \u0648\u0644\u0627 \u0641\u062d\u0635\u060c \u0648\u0644\u0627 \u062d\u0648\u0627\u062c\u0632 \u062d\u0645\u0627\u064a\u0629. \u0647\u0630\u0647 \u0647\u064a \u0627\u0644\u062d\u0627\u0644\u0629 \u0627\u0644\u062a\u064a \u062a\u0628\u062f\u0623 \u0628\u0647\u0627 \u0645\u0639\u0638\u0645 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639\u0627\u062a. \u0647\u062f\u0641\u0646\u0627 \u0647\u0648 \u062a\u063a\u064a\u064a\u0631 \u0630\u0644\u0643.<\/p>\n
# Reset staging so we can test scanning before committing\ngit reset HEAD<\/code><\/pre>\n\u0627\u0644\u062a\u0645\u0631\u064a\u0646 1: \u0627\u0644\u0641\u062d\u0635 \u0642\u0628\u0644 \u0627\u0644\u0640 commit \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 gitleaks<\/h2>\n
Gitleaks<\/a> \u0647\u064a \u0623\u062f\u0627\u0629 \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0645\u0635\u0645\u0645\u0629 \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0645\u0636\u0645\u0646\u0629 \u0641\u064a \u0627\u0644\u0643\u0648\u062f \u062f\u0627\u062e\u0644 \u0645\u0633\u062a\u0648\u062f\u0639\u0627\u062a Git. \u062a\u062f\u0639\u0645 \u0641\u062d\u0635 \u0645\u062c\u0644\u062f \u0627\u0644\u0639\u0645\u0644 \u0648\u0633\u062c\u0644 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0640 commit\u060c \u0648\u064a\u0645\u0643\u0646 \u062a\u0634\u063a\u064a\u0644\u0647\u0627 \u0643\u0640 pre-commit hook \u0644\u062d\u0638\u0631 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0642\u0628\u0644 \u0623\u0646 \u064a\u062a\u0645 \u0639\u0645\u0644 commit \u0644\u0647\u0627.<\/p>\n\u062a\u062b\u0628\u064a\u062a gitleaks<\/h3>\n
\u0627\u062e\u062a\u0631 \u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u062a\u062b\u0628\u064a\u062a \u0627\u0644\u0645\u0641\u0636\u0644\u0629 \u0644\u062f\u064a\u0643:<\/p>\n
# macOS (Homebrew)\nbrew install gitleaks\n\n# Docker\ndocker pull zricethezav\/gitleaks:latest\n\n# Go (from source)\ngo install github.com\/gitleaks\/gitleaks\/v8@latest<\/code><\/pre>\n\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u062a\u062b\u0628\u064a\u062a:<\/p>\n
gitleaks version<\/code><\/pre>\n\u062a\u0634\u063a\u064a\u0644 gitleaks \u064a\u062f\u0648\u064a\u0627\u064b<\/h3>\n
\u0627\u0641\u062d\u0635 \u0645\u062c\u0644\u062f \u0627\u0644\u0639\u0645\u0644 \u0628\u062d\u062b\u0627\u064b \u0639\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631:<\/p>\n
gitleaks detect --source . -v<\/code><\/pre>\n\u064a\u062c\u0628 \u0623\u0646 \u062a\u0631\u0649 \u0645\u062e\u0631\u062c\u0627\u062a \u0645\u0634\u0627\u0628\u0647\u0629 \u0644\u0645\u0627 \u064a\u0644\u064a:<\/p>\n
Finding: AWS_ACCESS_KEY_ID = \"AKIAIOSFODNN7EXAMPLE\"\nSecret: AKIAIOSFODNN7EXAMPLE\nRuleID: aws-access-key-id\nEntropy: 3.52\nFile: deploy.py\nLine: 4\n\nFinding: AWS_SECRET_ACCESS_KEY = \"wJalrXUtnFEMI\/K7MDENG\/bPxRfiCYEXAMPLEKEY\"\nSecret: wJalrXUtnFEMI\/K7MDENG\/bPxRfiCYEXAMPLEKEY\nRuleID: aws-secret-access-key\nEntropy: 4.71\nFile: deploy.py\nLine: 5\n\nFinding: DB_PASSWORD=SuperSecret123!\nSecret: SuperSecret123!\nRuleID: generic-credential\nEntropy: 3.40\nFile: .env\nLine: 4\n\nFinding: STRIPE_SECRET_KEY=sk_live_4eC39HqLyjWDarjtT1zdp7dc\nSecret: sk_live_4eC39HqLyjWDarjtT1zdp7dc\nRuleID: stripe-secret-key\nEntropy: 4.20\nFile: Dockerfile\nLine: 9\n\n12:14PM INF 6 commits scanned.\n12:14PM WRN leaks found: 6<\/code><\/pre>\n\u064a\u062a\u0639\u0631\u0641 Gitleaks \u0628\u0634\u0643\u0644 \u0635\u062d\u064a\u062d \u0639\u0644\u0649 \u0645\u0641\u0627\u062a\u064a\u062d AWS \u0648\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0639\u0627\u0645\u0629 \u0648\u0645\u0641\u0627\u062a\u064a\u062d Stripe \u0648\u063a\u064a\u0631\u0647\u0627. \u064a\u062a\u0636\u0645\u0646 \u0643\u0644 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0645\u0644\u0641 \u0648\u0631\u0642\u0645 \u0627\u0644\u0633\u0637\u0631 \u0648\u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0643\u0634\u0641 \u0627\u0644\u062a\u064a \u0623\u0637\u0644\u0642\u062a\u0647.<\/p>\n
\u0625\u0639\u062f\u0627\u062f gitleaks \u0643\u0640 Pre-commit Hook<\/h3>\n
\u064a\u0633\u0647\u0651\u0644 \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 pre-commit<\/a> \u062a\u0634\u063a\u064a\u0644 gitleaks \u062a\u0644\u0642\u0627\u0626\u064a\u0627\u064b \u0642\u0628\u0644 \u0643\u0644 \u0639\u0645\u0644\u064a\u0629 commit. \u0623\u0648\u0644\u0627\u064b\u060c \u062b\u0628\u0651\u062a pre-commit:<\/p>\npip install pre-commit<\/code><\/pre>\n\u0623\u0646\u0634\u0626 \u0645\u0644\u0641 .pre-commit-config.yaml<\/code> \u0641\u064a \u062c\u0630\u0631 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639:<\/p>\nrepos:\n - repo: https:\/\/github.com\/gitleaks\/gitleaks\n rev: v8.21.2\n hooks:\n - id: gitleaks<\/code><\/pre>\n\u062b\u0628\u0651\u062a \u0627\u0644\u0640 hook:<\/p>\n
pre-commit install<\/code><\/pre>\n\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0640 Hook: \u0639\u0645\u0644 commit \u0644\u0633\u0631 (\u0645\u062d\u0638\u0648\u0631)<\/h3>\ngit add deploy.py\ngit commit -m \"Add deployment script\"<\/code><\/pre>\n\u064a\u062a\u0645 \u062d\u0638\u0631 \u0627\u0644\u0640 commit:<\/p>\n
Detect hardcoded secrets.................................................Failed\n- hook id: gitleaks\n- exit code: 1\n\n12:15PM WRN leaks found: 2\n<\/code><\/pre>\n\u064a\u0648\u0642\u0641 pre-commit hook \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0640 commit \u0628\u0627\u0644\u0643\u0627\u0645\u0644. \u0644\u0627 \u064a\u0635\u0644 \u0627\u0644\u0633\u0631 \u0623\u0628\u062f\u0627\u064b \u0625\u0644\u0649 \u0633\u062c\u0644 Git.<\/p>\n
\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0640 Hook: \u0639\u0645\u0644 commit \u0644\u0643\u0648\u062f \u0646\u0638\u064a\u0641 (\u064a\u0645\u0631 \u0628\u0646\u062c\u0627\u062d)<\/h3>\n
\u0623\u0646\u0634\u0626 \u0645\u0644\u0641\u0627\u064b \u0644\u0627 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0623\u0633\u0631\u0627\u0631:<\/p>\n
cat > utils.py <<'EOF'\ndef format_date(date_obj):\n return date_obj.strftime(\"%Y-%m-%d\")\n\ndef sanitize_input(user_input):\n return user_input.strip().replace(\"<\", \"<\").replace(\">\", \">\")\nEOF\n\ngit add utils.py\ngit commit -m \"Add utility functions\"<\/code><\/pre>\n\u0627\u0644\u0645\u062e\u0631\u062c\u0627\u062a:<\/p>\n
Detect hardcoded secrets.................................................Passed\n[main abc1234] Add utility functions\n 1 file changed, 5 insertions(+)\n<\/code><\/pre>\n\u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0646\u0638\u064a\u0641 \u064a\u0645\u0631 \u0628\u062f\u0648\u0646 \u0645\u0634\u0627\u0643\u0644.<\/p>\n
\u0627\u0644\u062a\u0645\u0631\u064a\u0646 2: \u0627\u0644\u0641\u062d\u0635 \u062f\u0627\u062e\u0644 \u0627\u0644\u0623\u0646\u0628\u0648\u0628 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 gitleaks \u0641\u064a GitHub Actions<\/h2>\n
\u062a\u064f\u0639\u062f pre-commit hooks \u0637\u0628\u0642\u0629 \u0623\u0648\u0644\u0649 \u0642\u0648\u064a\u0629\u060c \u0644\u0643\u0646\u0647\u0627 \u062a\u0639\u0645\u0644 \u0645\u062d\u0644\u064a\u0627\u064b \u0648\u064a\u0645\u0643\u0646 \u062a\u062c\u0627\u0648\u0632\u0647\u0627. \u064a\u0636\u064a\u0641 \u0627\u0644\u0641\u062d\u0635 \u062f\u0627\u062e\u0644 \u0627\u0644\u0623\u0646\u0628\u0648\u0628 \u0637\u0628\u0642\u0629 \u0625\u0646\u0641\u0627\u0630 \u0645\u0646 \u062c\u0627\u0646\u0628 \u0627\u0644\u062e\u0627\u062f\u0645 \u0644\u0627 \u064a\u0645\u0643\u0646 \u062a\u062e\u0637\u064a\u0647\u0627.<\/p>\n
\u0625\u0646\u0634\u0627\u0621 \u0633\u064a\u0631 \u0639\u0645\u0644 GitHub Actions<\/h3>\n
\u0623\u0646\u0634\u0626 \u0627\u0644\u0645\u0644\u0641 .github\/workflows\/secret-scan.yml<\/code> \u0628\u0627\u0644\u0645\u062d\u062a\u0648\u0649 \u0627\u0644\u062a\u0627\u0644\u064a:<\/p>\nname: Secret Scanning\n\non:\n push:\n branches: [main, develop]\n pull_request:\n branches: [main]\n\njobs:\n gitleaks:\n name: Detect Secrets with gitleaks\n runs-on: ubuntu-latest\n steps:\n - name: Checkout code\n uses: actions\/checkout@v4\n with:\n fetch-depth: 0\n\n - name: Run gitleaks\n uses: gitleaks\/gitleaks-action@v2\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}\n<\/code><\/pre>\n\u0645\u0639\u0627\u0645\u0644 fetch-depth: 0<\/code> \u0636\u0631\u0648\u0631\u064a \u2014 \u0641\u0647\u0648 \u064a\u0636\u0645\u0646 \u062a\u0648\u0641\u0631 \u0633\u062c\u0644 Git \u0627\u0644\u0643\u0627\u0645\u0644 \u062d\u062a\u0649 \u064a\u062a\u0645\u0643\u0646 gitleaks \u0645\u0646 \u0641\u062d\u0635 \u062c\u0645\u064a\u0639 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0640 commit\u060c \u0648\u0644\u064a\u0633 \u0641\u0642\u0637 \u0627\u0644\u0623\u062e\u064a\u0631\u0629.<\/p>\n\u0643\u064a\u0641 \u064a\u0639\u0645\u0644 \u0641\u064a \u0627\u0644\u0645\u0645\u0627\u0631\u0633\u0629 \u0627\u0644\u0639\u0645\u0644\u064a\u0629<\/h3>\n
\u0627\u0644\u0633\u064a\u0646\u0627\u0631\u064a\u0648 \u0623: \u0637\u0644\u0628 \u0633\u062d\u0628 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u0631 \u0645\u0633\u0631\u0651\u0628.<\/strong> \u064a\u0636\u064a\u0641 \u0645\u0637\u0648\u0631 \u0645\u0641\u062a\u0627\u062d API \u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0644\u062e\u0637\u0623 \u0625\u0644\u0649 \u0645\u0644\u0641 \u0625\u0639\u062f\u0627\u062f \u0648\u064a\u0641\u062a\u062d \u0637\u0644\u0628 \u0633\u062d\u0628. \u064a\u0641\u062d\u0635 gitleaks action \u0627\u0644\u0641\u0631\u0642\u060c \u0648\u064a\u0643\u062a\u0634\u0641 \u0627\u0644\u0633\u0631\u060c \u0648\u064a\u064f\u0639\u0644\u0651\u0645 \u0627\u0644\u0641\u062d\u0635 \u0639\u0644\u0649 \u0623\u0646\u0647 \u0641\u0627\u0634\u0644. \u0644\u0627 \u064a\u0645\u0643\u0646 \u062f\u0645\u062c \u0637\u0644\u0628 \u0627\u0644\u0633\u062d\u0628 \u062d\u062a\u0649 \u062a\u062a\u0645 \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0633\u0631.<\/p>\n\u0627\u0644\u0633\u064a\u0646\u0627\u0631\u064a\u0648 \u0628: \u0637\u0644\u0628 \u0633\u062d\u0628 \u0646\u0638\u064a\u0641.<\/strong> \u064a\u0641\u062a\u062d \u0645\u0637\u0648\u0631 \u0637\u0644\u0628 \u0633\u062d\u0628 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0645\u0646\u0637\u0642 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0628\u062f\u0648\u0646 \u0623\u0633\u0631\u0627\u0631. \u064a\u0641\u062d\u0635 gitleaks action \u0627\u0644\u0641\u0631\u0642\u060c \u0648\u0644\u0627 \u064a\u062c\u062f \u0634\u064a\u0626\u0627\u064b\u060c \u0648\u064a\u064f\u0639\u0644\u0651\u0645 \u0627\u0644\u0641\u062d\u0635 \u0639\u0644\u0649 \u0623\u0646\u0647 \u0646\u0627\u062c\u062d. \u064a\u0645\u0643\u0646 \u0644\u0637\u0644\u0628 \u0627\u0644\u0633\u062d\u0628 \u0627\u0644\u0645\u062a\u0627\u0628\u0639\u0629 \u0625\u0644\u0649 \u0645\u0631\u0627\u062c\u0639\u0629 \u0627\u0644\u0643\u0648\u062f \u0648\u0627\u0644\u062f\u0645\u062c.<\/p>\n\u0644\u0625\u0646\u0641\u0627\u0630 \u0647\u0630\u0627\u060c \u0627\u0630\u0647\u0628 \u0625\u0644\u0649 \u0625\u0639\u062f\u0627\u062f\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 Settings \u2190 Branches \u2190 Branch protection rules<\/strong> \u0648\u0623\u0636\u0641 gitleaks<\/code> \u0643\u0641\u062d\u0635 \u062d\u0627\u0644\u0629 \u0645\u0637\u0644\u0648\u0628 \u0644\u0644\u0641\u0631\u0639 main<\/code>. \u0647\u0630\u0627 \u064a\u0645\u0646\u0639 \u0623\u064a \u0634\u062e\u0635 \u0645\u0646 \u062f\u0645\u062c \u0637\u0644\u0628 \u0633\u062d\u0628 \u064a\u0641\u0634\u0644 \u0641\u064a \u0641\u062d\u0635 \u0627\u0644\u0623\u0633\u0631\u0627\u0631.<\/p>\n\u0627\u0644\u062a\u0645\u0631\u064a\u0646 3: \u0627\u0644\u0641\u062d\u0635 \u062f\u0627\u062e\u0644 \u0627\u0644\u0623\u0646\u0628\u0648\u0628 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 truffleHog<\/h2>\n
TruffleHog<\/a> \u064a\u062a\u0628\u0639 \u0646\u0647\u062c\u0627\u064b \u0645\u062e\u062a\u0644\u0641\u0627\u064b \u0641\u064a \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631. \u0628\u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u0645\u0637\u0627\u0628\u0642\u0629 \u0627\u0644\u0623\u0646\u0645\u0627\u0637\u060c \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u062a\u062d\u0642\u0642<\/strong> \u0645\u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646\u062a \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0645\u0643\u062a\u0634\u0641\u0629 \u0646\u0634\u0637\u0629 \u0641\u0639\u0644\u0627\u064b \u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u062e\u062a\u0628\u0627\u0631\u0647\u0627 \u0645\u0642\u0627\u0628\u0644 API \u0627\u0644\u062e\u062f\u0645\u0629 \u0627\u0644\u0645\u0642\u0627\u0628\u0644\u0629.<\/p>\n\u062a\u062b\u0628\u064a\u062a truffleHog<\/h3>\n# pip\npip install trufflehog\n\n# Docker\ndocker pull trufflesecurity\/trufflehog:latest\n\n# Homebrew\nbrew install trufflehog<\/code><\/pre>\n\u062a\u0634\u063a\u064a\u0644 truffleHog \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631\u064a<\/h3>\n# Scan the local repo\ntrufflehog git file:\/\/. --only-verified<\/code><\/pre>\n\u0639\u0644\u0627\u0645\u0629 --only-verified<\/code> \u062a\u064f\u062e\u0628\u0631 truffleHog \u0628\u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0641\u0642\u0637 \u0639\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062a\u064a \u062a\u0623\u0643\u062f \u0645\u0646 \u0623\u0646\u0647\u0627 \u0646\u0634\u0637\u0629. \u0647\u0630\u0627 \u064a\u0642\u0644\u0644 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631 \u0645\u0646 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0627\u0644\u0625\u064a\u062c\u0627\u0628\u064a\u0629 \u0627\u0644\u0643\u0627\u0630\u0628\u0629. \u0625\u0630\u0627 \u0623\u0631\u062f\u062a \u0631\u0624\u064a\u0629 \u062c\u0645\u064a\u0639 \u0627\u0644\u0627\u0643\u062a\u0634\u0627\u0641\u0627\u062a \u0628\u0645\u0627 \u0641\u064a \u0630\u0644\u0643 \u063a\u064a\u0631 \u0627\u0644\u0645\u064f\u062a\u062d\u0642\u0642 \u0645\u0646\u0647\u0627\u060c \u0627\u062d\u0630\u0641 \u0627\u0644\u0639\u0644\u0627\u0645\u0629:<\/p>\n# Show all findings (verified and unverified)\ntrufflehog git file:\/\/.<\/code><\/pre>\n\u0645\u064f\u062a\u062d\u0642\u0642 \u0645\u0646\u0647 \u0645\u0642\u0627\u0628\u0644 \u063a\u064a\u0631 \u0645\u064f\u062a\u062d\u0642\u0642 \u0645\u0646\u0647:<\/strong> \u0627\u0644\u0633\u0631 \u0627\u0644\u0645\u064f\u062a\u062d\u0642\u0642 \u0645\u0646\u0647<\/em> \u0647\u0648 \u0633\u0631 \u0627\u062e\u062a\u0628\u0631\u0647 truffleHog \u0645\u0642\u0627\u0628\u0644 API \u0627\u0644\u0645\u0632\u0648\u062f \u0648\u062a\u0623\u0643\u062f \u0645\u0646 \u0623\u0646\u0647 \u0646\u0634\u0637. \u0639\u0644\u0649 \u0633\u0628\u064a\u0644 \u0627\u0644\u0645\u062b\u0627\u0644\u060c \u0633\u064a\u062d\u0627\u0648\u0644 \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0641\u062a\u0627\u062d AWS \u0644\u0645\u0639\u0631\u0641\u0629 \u0645\u0627 \u0625\u0630\u0627 \u0643\u0627\u0646 \u064a\u0639\u0645\u0644. \u0627\u0644\u0633\u0631 \u063a\u064a\u0631 \u0627\u0644\u0645\u064f\u062a\u062d\u0642\u0642 \u0645\u0646\u0647<\/em> \u064a\u0637\u0627\u0628\u0642 \u0646\u0645\u0637\u0627\u064b \u0645\u0639\u0631\u0648\u0641\u0627\u064b \u0644\u0643\u0646 \u0644\u0645 \u064a\u062a\u0645 \u062a\u0623\u0643\u064a\u062f\u0647 \u0643\u0646\u0634\u0637 \u2014 \u0642\u062f \u064a\u0643\u0648\u0646 \u0645\u0641\u062a\u0627\u062d\u0627\u064b \u0645\u064f\u0644\u063a\u0649 \u0623\u0648 \u0639\u0646\u0635\u0631\u0627\u064b \u0646\u0627\u0626\u0628\u0627\u064b \u0623\u0648 \u0646\u062a\u064a\u062c\u0629 \u0625\u064a\u062c\u0627\u0628\u064a\u0629 \u0643\u0627\u0630\u0628\u0629.<\/p>\n\u0625\u0646\u0634\u0627\u0621 \u0645\u0647\u0645\u0629 \u0641\u064a \u0623\u0646\u0628\u0648\u0628 GitLab CI<\/h3>\n
\u064a\u062a\u0643\u0627\u0645\u0644 TruffleHog \u0628\u0634\u0643\u0644 \u062c\u064a\u062f \u0645\u0639 GitLab CI. \u0623\u0636\u0641 \u0645\u0627 \u064a\u0644\u064a \u0625\u0644\u0649 \u0645\u0644\u0641 .gitlab-ci.yml<\/code>:<\/p>\nstages:\n - security\n\nsecret-scan:\n stage: security\n image:\n name: trufflesecurity\/trufflehog:latest\n entrypoint: [\"\"]\n script:\n - trufflehog git file:\/\/. --fail --json > trufflehog-results.json\n artifacts:\n when: always\n paths:\n - trufflehog-results.json\n expire_in: 30 days\n rules:\n - if: '$CI_PIPELINE_SOURCE == \"merge_request_event\"'\n - if: '$CI_COMMIT_BRANCH == \"main\"'\n<\/code><\/pre>\n\u0639\u0644\u0627\u0645\u0629 --fail<\/code> \u062a\u062c\u0639\u0644 truffleHog \u064a\u062e\u0631\u062c \u0628\u0631\u0645\u0632 \u062d\u0627\u0644\u0629 \u063a\u064a\u0631 \u0635\u0641\u0631\u064a \u0625\u0630\u0627 \u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u0623\u0633\u0631\u0627\u0631\u060c \u0645\u0645\u0627 \u064a\u064f\u0641\u0634\u0644 \u0627\u0644\u0623\u0646\u0628\u0648\u0628. \u0639\u0644\u0627\u0645\u0629 --json<\/code> \u062a\u064f\u062e\u0631\u062c \u0646\u062a\u0627\u0626\u062c \u0645\u0646\u0638\u0645\u0629 \u064a\u0645\u0643\u0646 \u062a\u062d\u0644\u064a\u0644\u0647\u0627 \u0628\u0648\u0627\u0633\u0637\u0629 \u0623\u062f\u0648\u0627\u062a \u0623\u0648 \u0644\u0648\u062d\u0627\u062a \u062a\u062d\u0643\u0645 \u0623\u062e\u0631\u0649.<\/p>\ngitleaks \u0645\u0642\u0627\u0628\u0644 truffleHog: \u0645\u062a\u0649 \u062a\u0633\u062a\u062e\u062f\u0645 \u0623\u064a\u0627\u064b \u0645\u0646\u0647\u0645\u0627<\/h3>\n
\n\n\n\u0627\u0644\u0645\u064a\u0632\u0629<\/th>\n gitleaks<\/th>\n truffleHog<\/th>\n<\/tr>\n<\/thead>\n \n\n\u0637\u0631\u064a\u0642\u0629 \u0627\u0644\u0643\u0634\u0641<\/td>\n Regex + entropy<\/td>\n Regex + entropy + verification<\/td>\n<\/tr>\n \n\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631<\/td>\n \u0644\u0627<\/td>\n \u0646\u0639\u0645 (\u064a\u062e\u062a\u0628\u0631 \u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u0633\u0631 \u0646\u0634\u0637\u0627\u064b)<\/td>\n<\/tr>\n \n\u0627\u0644\u0633\u0631\u0639\u0629<\/td>\n \u0633\u0631\u064a\u0639 \u062c\u062f\u0627\u064b<\/td>\n \u0623\u0628\u0637\u0623 (\u0628\u0633\u0628\u0628 \u0627\u0644\u062a\u062d\u0642\u0642)<\/td>\n<\/tr>\n \n\u0645\u0639\u062f\u0644 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0627\u0644\u0625\u064a\u062c\u0627\u0628\u064a\u0629 \u0627\u0644\u0643\u0627\u0630\u0628\u0629<\/td>\n \u0645\u062a\u0648\u0633\u0637<\/td>\n \u0645\u0646\u062e\u0641\u0636 (\u0645\u0639 –only-verified)<\/td>\n<\/tr>\n \n\u0642\u0648\u0627\u0639\u062f \u0645\u062e\u0635\u0635\u0629<\/td>\n \u0646\u0639\u0645 (.gitleaks.toml)<\/td>\n \u0646\u0639\u0645 (custom detectors)<\/td>\n<\/tr>\n \n\u062f\u0639\u0645 Pre-commit<\/td>\n \u0623\u0635\u0644\u064a<\/td>\n \u0639\u0628\u0631 \u0633\u0643\u0631\u064a\u0628\u062a \u0645\u064f\u063a\u0644\u0651\u0641<\/td>\n<\/tr>\n \n\u0627\u0644\u0623\u0641\u0636\u0644 \u0644\u0640<\/td>\n \u0641\u062d\u0635 pre-commit \u0648PR \u0627\u0644\u0633\u0631\u064a\u0639<\/td>\n \u0627\u0644\u0641\u062d\u0635 \u0627\u0644\u0639\u0645\u064a\u0642 \u0648\u0627\u0644\u062a\u062d\u0642\u0642<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\u0627\u0644\u062a\u0648\u0635\u064a\u0629:<\/strong> \u0627\u0633\u062a\u062e\u062f\u0645 gitleaks \u0644\u0640 pre-commit hooks \u0627\u0644\u0633\u0631\u064a\u0639\u0629 \u0648\u0641\u062d\u0648\u0635\u0627\u062a PR. \u0627\u0633\u062a\u062e\u062f\u0645 truffleHog \u0644\u0644\u0641\u062d\u0648\u0635\u0627\u062a \u0627\u0644\u0639\u0645\u064a\u0642\u0629 \u0627\u0644\u062f\u0648\u0631\u064a\u0629 \u0648\u0639\u0646\u062f\u0645\u0627 \u062a\u062d\u062a\u0627\u062c \u0625\u0644\u0649 \u0646\u062a\u0627\u0626\u062c \u0645\u064f\u062a\u062d\u0642\u0642 \u0645\u0646\u0647\u0627 \u0644\u062a\u062d\u062f\u064a\u062f \u0623\u0648\u0644\u0648\u064a\u0627\u062a \u0627\u0644\u0645\u0639\u0627\u0644\u062c\u0629.<\/p>\n\u0627\u0644\u062a\u0645\u0631\u064a\u0646 4: GitHub Secret Scanning \u0648Push Protection<\/h2>\n
\u064a\u0648\u0641\u0631 GitHub \u0641\u062d\u0635 \u0623\u0633\u0631\u0627\u0631 \u0645\u062f\u0645\u062c \u064a\u0639\u0645\u0644 \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0645\u0646\u0635\u0629. \u0639\u0644\u0649 \u0639\u0643\u0633 gitleaks \u0648truffleHog \u0627\u0644\u0644\u0630\u064a\u0646 \u062a\u0642\u0648\u0645 \u0628\u062a\u062b\u0628\u064a\u062a\u0647\u0645\u0627 \u0648\u0625\u0639\u062f\u0627\u062f\u0647\u0645\u0627 \u0628\u0646\u0641\u0633\u0643\u060c \u0641\u0625\u0646 GitHub secret scanning \u0645\u062f\u0645\u062c \u0645\u0628\u0627\u0634\u0631\u0629 \u0641\u064a \u0625\u0639\u062f\u0627\u062f\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/p>\n
\u062a\u0641\u0639\u064a\u0644 Secret Scanning<\/h3>\n\n- \u0627\u0630\u0647\u0628 \u0625\u0644\u0649 \u0645\u0633\u062a\u0648\u062f\u0639\u0643 \u0639\u0644\u0649 GitHub.<\/li>\n
- \u0627\u0646\u062a\u0642\u0644 \u0625\u0644\u0649 Settings \u2190 Code security and analysis<\/strong>.<\/li>\n
- \u0641\u0639\u0651\u0644 Secret scanning<\/strong>.<\/li>\n
- \u0641\u0639\u0651\u0644 Push protection<\/strong>.<\/li>\n<\/ol>\n
Push protection \u0647\u064a \u0627\u0644\u0645\u064a\u0632\u0629 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0647\u0646\u0627. \u0639\u0646\u062f \u062a\u0641\u0639\u064a\u0644\u0647\u0627\u060c \u0633\u064a\u062d\u0638\u0631 GitHub \u0623\u064a \u0639\u0645\u0644\u064a\u0629 push \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0646\u0645\u0637 \u0633\u0631 \u0645\u0639\u0631\u0648\u0641 \u0642\u0628\u0644 \u0623\u0646 \u062a\u0635\u0644 \u0625\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/p>\n
\u0627\u062e\u062a\u0628\u0627\u0631 Push Protection<\/h3>\n
\u062d\u0627\u0648\u0644 \u0639\u0645\u0644 push \u0644\u0640 commit \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0646\u0645\u0637 \u0633\u0631 \u0645\u0639\u0631\u0648\u0641\u060c \u0645\u062b\u0644 \u0645\u0641\u062a\u0627\u062d \u0648\u0635\u0648\u0644 AWS \u0623\u0648 \u0631\u0645\u0632 \u0648\u0635\u0648\u0644 \u0634\u062e\u0635\u064a \u0644\u0640 GitHub:<\/p>\n
# Stage and commit a file with a test secret\ngit add deploy.py\ngit commit -m \"Add deploy script\"\ngit push origin main<\/code><\/pre>\n\u064a\u062d\u0638\u0631 GitHub \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u062f\u0641\u0639 \u0628\u0631\u0633\u0627\u0644\u0629 \u0645\u062b\u0644:<\/p>\n
remote: error: GH013: Repository rule violations found for refs\/heads\/main.\nremote:\n remote: - GITHUB PUSH PROTECTION\nremote: \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\nremote: Resolve the following violations before pushing again\nremote:\nremote: \u2014 Push cannot contain secrets \u2014\nremote:\nremote:\nremote: (?) To push, remove secret from commit(s) or follow this URL to allow the secret.\nremote:\nremote: \u2014 Amazon AWS Access Key ID \u2014\nremote: locations:\n remote: - commit: abc1234def5678\n remote: path: deploy.py:4\nremote:\n! [remote rejected] main -> main (push rule violations)\nerror: failed to push some refs<\/code><\/pre>\n\u0627\u0644\u062a\u0639\u0627\u0645\u0644 \u0645\u0639 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0627\u0644\u0625\u064a\u062c\u0627\u0628\u064a\u0629 \u0627\u0644\u0643\u0627\u0630\u0628\u0629<\/h3>\n
\u0625\u0630\u0627 \u0648\u0636\u0639 GitHub \u0639\u0644\u0627\u0645\u0629 \u0639\u0644\u0649 \u0642\u064a\u0645\u0629 \u0644\u064a\u0633\u062a \u0633\u0631\u0627\u064b \u062d\u0642\u064a\u0642\u064a\u0627\u064b (\u0639\u0644\u0649 \u0633\u0628\u064a\u0644 \u0627\u0644\u0645\u062b\u0627\u0644\u060c \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u062e\u062a\u0628\u0627\u0631 \u062b\u0627\u0628\u062a\u0629 \u0623\u0648 \u0645\u062b\u0627\u0644 \u062a\u0648\u062b\u064a\u0642\u064a)\u060c \u064a\u0645\u0643\u0646\u0643 \u062a\u062c\u0627\u0648\u0632 push protection \u0645\u0639 \u062a\u0642\u062f\u064a\u0645 \u0633\u0628\u0628. \u064a\u0648\u0641\u0631 GitHub \u0631\u0627\u0628\u0637\u0627\u064b \u0641\u064a \u0631\u0633\u0627\u0644\u0629 \u0627\u0644\u0631\u0641\u0636 \u062d\u064a\u062b \u064a\u0645\u0643\u0646\u0643:<\/p>\n
\n- \u0627\u062e\u062a\u064a\u0627\u0631 \u0633\u0628\u0628 \u0627\u0644\u062a\u062c\u0627\u0648\u0632: “\u064a\u064f\u0633\u062a\u062e\u062f\u0645 \u0641\u064a \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631\u0627\u062a”<\/strong> \u0623\u0648 “\u0646\u062a\u064a\u062c\u0629 \u0625\u064a\u062c\u0627\u0628\u064a\u0629 \u0643\u0627\u0630\u0628\u0629”<\/strong> \u0623\u0648 “\u0633\u0623\u0635\u0644\u062d\u0647 \u0644\u0627\u062d\u0642\u0627\u064b”<\/strong>.<\/li>\n
- \u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u062a\u062c\u0627\u0648\u0632\u060c \u0645\u0645\u0627 \u064a\u0633\u0645\u062d \u0628\u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u062f\u0641\u0639 \u0644\u0643\u0646 \u064a\u064f\u0633\u062c\u0651\u0644 \u0627\u0644\u062d\u062f\u062b \u0644\u0644\u062a\u062f\u0642\u064a\u0642.<\/li>\n<\/ul>\n
\u064a\u0645\u0643\u0646 \u0644\u0645\u0633\u0624\u0648\u0644\u064a \u0627\u0644\u0645\u0624\u0633\u0633\u0629 \u0631\u0624\u064a\u0629 \u062c\u0645\u064a\u0639 \u0627\u0644\u062a\u062c\u0627\u0648\u0632\u0627\u062a \u0641\u064a \u0644\u0648\u062d\u0629 \u062a\u062d\u0643\u0645 Security \u2190 Secret scanning<\/strong>.<\/p>\n\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0634\u0631\u0643\u0627\u0621<\/h3>\n
\u064a\u062a\u0634\u0627\u0631\u0643 GitHub \u0645\u0639 \u0623\u0643\u062b\u0631 \u0645\u0646 200 \u0645\u0632\u0648\u062f \u062e\u062f\u0645\u0629 (AWS \u0648Stripe \u0648Twilio \u0648SendGrid \u0648\u063a\u064a\u0631\u0647\u0627) \u0645\u0646 \u062e\u0644\u0627\u0644 \u0628\u0631\u0646\u0627\u0645\u062c \u0634\u0631\u0643\u0627\u0621 secret scanning<\/strong>. \u0639\u0646\u062f \u0627\u0643\u062a\u0634\u0627\u0641 \u0633\u0631 \u0645\u0646 \u0634\u0631\u064a\u0643:<\/p>\n\n- \u064a\u064f\u062e\u0637\u0631 GitHub \u0645\u0632\u0648\u062f \u0627\u0644\u062e\u062f\u0645\u0629 \u062a\u0644\u0642\u0627\u0626\u064a\u0627\u064b.<\/li>\n
- \u064a\u0644\u063a\u064a \u0627\u0644\u0645\u0632\u0648\u062f \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u0629.<\/li>\n
- \u064a\u062a\u0645 \u0625\u062e\u0637\u0627\u0631 \u0645\u0627\u0644\u0643 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u0639\u0628\u0631 \u0627\u0644\u0628\u0631\u064a\u062f \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a \u0648\u062a\u0628\u0648\u064a\u0628 Security.<\/li>\n<\/ol>\n
\u0647\u0630\u0627 \u064a\u0639\u0646\u064a \u0623\u0646\u0647 \u062d\u062a\u0649 \u0644\u0648 \u062a\u0633\u0644\u0644 \u0633\u0631 \u0645\u062a\u062c\u0627\u0648\u0632\u0627\u064b \u062c\u0645\u064a\u0639 \u062e\u0637\u0648\u0637 \u0627\u0644\u062f\u0641\u0627\u0639 \u0627\u0644\u0623\u062e\u0631\u0649 \u0648\u0648\u0635\u0644 \u0625\u0644\u0649 \u0645\u0633\u062a\u0648\u062f\u0639 \u0639\u0627\u0645\u060c \u064a\u0645\u0643\u0646 \u062a\u0642\u0644\u064a\u0644 \u0646\u0627\u0641\u0630\u0629 \u0627\u0644\u0636\u0631\u0631 \u0625\u0644\u0649 \u062f\u0642\u0627\u0626\u0642 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0627\u0644\u0625\u0644\u063a\u0627\u0621 \u0627\u0644\u062a\u0644\u0642\u0627\u0626\u064a.<\/p>\n
\u0627\u0644\u062a\u0645\u0631\u064a\u0646 5: \u0623\u0646\u0645\u0627\u0637 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0645\u062e\u0635\u0635\u0629<\/h2>\n
\u062a\u063a\u0637\u064a \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0643\u0634\u0641 \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629 \u0627\u0644\u0645\u0632\u0648\u062f\u064a\u0646 \u0627\u0644\u0634\u0627\u0626\u0639\u064a\u0646 (AWS \u0648Stripe \u0648GitHub \u0648Google Cloud \u0648\u063a\u064a\u0631\u0647\u0627)\u060c \u0644\u0643\u0646 \u0645\u0639\u0638\u0645 \u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0644\u062f\u064a\u0647\u0627 \u0623\u064a\u0636\u0627\u064b \u0623\u0633\u0631\u0627\u0631 \u062f\u0627\u062e\u0644\u064a\u0629 \u0628\u062a\u0646\u0633\u064a\u0642\u0627\u062a \u0645\u062e\u0635\u0635\u0629 \u0644\u0646 \u062a\u0643\u062a\u0634\u0641\u0647\u0627 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u0642\u064a\u0627\u0633\u064a\u0629. \u064a\u062f\u0639\u0645 Gitleaks \u0627\u0644\u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0645\u062e\u0635\u0635\u0629 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0645\u0644\u0641 \u0625\u0639\u062f\u0627\u062f .gitleaks.toml<\/code>.<\/p>\n\u0625\u0646\u0634\u0627\u0621 \u0625\u0639\u062f\u0627\u062f gitleaks \u0645\u062e\u0635\u0635<\/h3>\n
\u0623\u0646\u0634\u0626 \u0645\u0644\u0641 .gitleaks.toml<\/code> \u0641\u064a \u062c\u0630\u0631 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639:<\/p>\n[extend]\n# Extend the default gitleaks configuration\n# useDefault = true\n\n[[rules]]\nid = \"mycompany-api-key\"\ndescription = \"MyCompany Internal API Key\"\nregex = '''MYCOMPANY-KEY-[A-Za-z0-9]{32}'''\ntags = [\"internal\", \"api-key\"]\nkeywords = [\"mycompany-key\"]\n\n[[rules]]\nid = \"internal-database-url\"\ndescription = \"Internal Database Connection String\"\nregex = '''postgresql:\/\/[^:]+:[^@]+@internal-db\\.[a-z0-9-]+\\.corp\\.[a-z]+\\.com'''\ntags = [\"internal\", \"database\"]\nkeywords = [\"internal-db\"]\n\n[[rules]]\nid = \"internal-jwt-signing-key\"\ndescription = \"Internal JWT Signing Key\"\nregex = '''JWT_SIGNING_KEY=[A-Za-z0-9+\/=]{64,}'''\ntags = [\"internal\", \"jwt\"]\nkeywords = [\"jwt_signing_key\"]\n\n[allowlist]\ndescription = \"Global allowlist\"\npaths = [\n '''(.*?)test(.*?)\\.py''',\n '''(.*?)_test\\.go''',\n '''(.*?)spec(.*?)\\.js''',\n '''(.*?)fixtures(.*?)''',\n '''README\\.md'''\n]\n\n[[rules.allowlist]]\nid = \"mycompany-api-key\"\nregexes = [\n '''MYCOMPANY-KEY-EXAMPLE[A-Za-z0-9]{24}''',\n '''MYCOMPANY-KEY-TEST[A-Za-z0-9]{28}'''\n]\n<\/code><\/pre>\n\u0641\u0647\u0645 \u0645\u0644\u0641 \u0627\u0644\u0625\u0639\u062f\u0627\u062f<\/h3>\n\n- \u0627\u0644\u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0645\u062e\u0635\u0635\u0629:<\/strong> \u062a\u064f\u062d\u062f\u062f \u0623\u0642\u0633\u0627\u0645
[[rules]]<\/code> \u0623\u0646\u0645\u0627\u0637\u0627\u064b \u062e\u0627\u0635\u0629 \u0628\u0645\u0624\u0633\u0633\u062a\u0643. \u064a\u0633\u062a\u062e\u062f\u0645 \u062d\u0642\u0644 regex<\/code> \u062a\u0639\u0628\u064a\u0631\u0627\u062a \u0646\u0638\u0627\u0645\u064a\u0629 \u0645\u062a\u0648\u0627\u0641\u0642\u0629 \u0645\u0639 Go. \u064a\u0633\u0627\u0639\u062f \u062d\u0642\u0644 keywords<\/code> \u0623\u062f\u0627\u0629 gitleaks \u0639\u0644\u0649 \u062a\u0635\u0641\u064a\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0628\u0633\u0631\u0639\u0629 \u2014 \u0641\u0642\u0637 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0627\u0644\u0643\u0644\u0645\u0629 \u0627\u0644\u0645\u0641\u062a\u0627\u062d\u064a\u0629 \u064a\u062a\u0645 \u0641\u062d\u0635\u0647\u0627 \u0628\u0627\u0644\u062a\u0639\u0628\u064a\u0631 \u0627\u0644\u0646\u0638\u0627\u0645\u064a \u0627\u0644\u0643\u0627\u0645\u0644\u060c \u0645\u0645\u0627 \u064a\u062d\u0633\u0646 \u0627\u0644\u0623\u062f\u0627\u0621.<\/li>\n- \u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0633\u0645\u0627\u062d \u0627\u0644\u0639\u0627\u0645\u0629:<\/strong> \u064a\u064f\u062d\u062f\u062f \u0642\u0633\u0645
[allowlist]<\/code> \u0627\u0644\u0645\u0633\u0627\u0631\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u062c\u0628 \u0627\u0633\u062a\u0628\u0639\u0627\u062f\u0647\u0627 \u0645\u0646 \u062c\u0645\u064a\u0639 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0641\u062d\u0635. \u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631\u0627\u062a \u0648\u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062b\u0627\u0628\u062a\u0629 \u0648\u0627\u0644\u062a\u0648\u062b\u064a\u0642 \u0647\u064a \u0627\u0633\u062a\u062b\u0646\u0627\u0621\u0627\u062a \u0634\u0627\u0626\u0639\u0629.<\/li>\n- \u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0633\u0645\u0627\u062d \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0642\u0627\u0639\u062f\u0629:<\/strong> \u064a\u064f\u062d\u062f\u062f \u0642\u0633\u0645
[[rules.allowlist]]<\/code> \u0627\u0633\u062a\u062b\u0646\u0627\u0621\u0627\u062a \u0644\u0642\u0648\u0627\u0639\u062f \u0645\u062d\u062f\u062f\u0629. \u0647\u0646\u0627\u060c \u0646\u0633\u062a\u062b\u0646\u064a \u0645\u0641\u0627\u062a\u064a\u062d \u0627\u0644\u0623\u0645\u062b\u0644\u0629 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u0629 \u0627\u0644\u062a\u064a \u062a\u0638\u0647\u0631 \u0641\u064a \u0627\u0644\u062a\u0648\u062b\u064a\u0642 \u0623\u0648 \u0645\u0633\u0627\u0639\u062f\u0627\u062a \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631.<\/li>\n<\/ul>\n\u0627\u062e\u062a\u0628\u0627\u0631 \u0627\u0644\u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0645\u062e\u0635\u0635<\/h3>\n
\u0623\u0646\u0634\u0626 \u0645\u0644\u0641\u0627\u064b \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0633\u0631 \u0645\u062e\u0635\u0635 \u0644\u0644\u0627\u062e\u062a\u0628\u0627\u0631:<\/p>\n
cat > internal-config.py <<'EOF'\nMYCOMPANY_API_KEY = \"MYCOMPANY-KEY-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6\"\nEOF<\/code><\/pre>\n\u0634\u063a\u0651\u0644 gitleaks \u0645\u0639 \u0627\u0644\u0625\u0639\u062f\u0627\u062f \u0627\u0644\u0645\u062e\u0635\u0635:<\/p>\n
gitleaks detect --source . --config .gitleaks.toml -v<\/code><\/pre>\n\u062a\u0643\u062a\u0634\u0641 \u0627\u0644\u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0645\u062e\u0635\u0635\u0629 \u0645\u0641\u062a\u0627\u062d API \u0627\u0644\u062f\u0627\u062e\u0644\u064a \u0627\u0644\u0630\u064a \u0643\u0627\u0646 \u0633\u064a\u064f\u0641\u0648\u064e\u0651\u062a \u0628\u0627\u0644\u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0627\u0641\u062a\u0631\u0627\u0636\u064a\u0629.<\/p>\n
\u0628\u0646\u0627\u0621 \u0627\u0633\u062a\u0631\u0627\u062a\u064a\u062c\u064a\u0629 \u0627\u0644\u062f\u0641\u0627\u0639 \u0627\u0644\u0645\u062a\u0639\u0645\u0642<\/h2>\n
\u0644\u0627 \u062a\u0643\u0641\u064a \u0637\u0628\u0642\u0629 \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631. \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u062a\u062e\u0637\u064a pre-commit hooks. \u0641\u062d\u0648\u0635\u0627\u062a \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u062a\u0643\u062a\u0634\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0641\u0642\u0637 \u0641\u064a \u0648\u0642\u062a \u0637\u0644\u0628 \u0627\u0644\u0633\u062d\u0628. GitHub push protection \u064a\u063a\u0637\u064a \u0641\u0642\u0637 \u0623\u0646\u0645\u0627\u0637 \u0627\u0644\u0645\u0632\u0648\u062f\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u064a\u0646. \u0627\u0644\u0627\u0633\u062a\u0631\u0627\u062a\u064a\u062c\u064a\u0629 \u0627\u0644\u0642\u0648\u064a\u0629 \u062a\u064f\u0637\u0628\u0651\u0642 \u0643\u0644 \u0647\u0630\u0647 \u0627\u0644\u0637\u0628\u0642\u0627\u062a \u0645\u0639\u0627\u064b.<\/p>\n
\u0627\u0644\u0637\u0628\u0642\u0627\u062a \u0627\u0644\u062e\u0645\u0633 \u0644\u0644\u062f\u0641\u0627\u0639 \u0639\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631<\/h3>\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 Layer 1: Pre-commit Hook (gitleaks) \u2502\n\u2502 \u2192 Catches secrets before they enter local history \u2502\n\u251c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524\n\u2502 Layer 2: PR \/ Merge Request Scan (gitleaks action) \u2502\n\u2502 \u2192 Blocks PRs that contain secrets \u2502\n\u251c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524\n\u2502 Layer 3: Push Protection (GitHub \/ GitLab) \u2502\n\u2502 \u2192 Platform-level block on known secret patterns \u2502\n\u251c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524\n\u2502 Layer 4: Post-merge Scan (truffleHog scheduled) \u2502\n\u2502 \u2192 Weekly deep scan with verification \u2502\n\u251c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524\n\u2502 Layer 5: Runtime Monitoring (vault audit logs) \u2502\n\u2502 \u2192 Detect secret usage anomalies in production \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n<\/code><\/pre>\n\u0644\u0645\u0627\u0630\u0627 \u0644\u0627 \u062a\u0643\u0641\u064a \u0637\u0628\u0642\u0629 \u0648\u0627\u062d\u062f\u0629<\/h3>\n\n- Pre-commit hooks<\/strong> \u064a\u0645\u0643\u0646 \u062a\u062c\u0627\u0648\u0632\u0647\u0627 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645
git commit --no-verify<\/code> \u0623\u0648 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0639\u0645\u064a\u0644 Git \u0644\u0627 \u064a\u062f\u0639\u0645 \u0627\u0644\u0640 hooks.<\/li>\n- \u0641\u062d\u0648\u0635\u0627\u062a \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628<\/strong> \u062a\u0639\u0645\u0644 \u0641\u0642\u0637 \u0639\u0644\u0649 \u0627\u0644\u0641\u0631\u0648\u0639 \u0627\u0644\u062a\u064a \u062a\u064f\u0634\u063a\u0651\u0644 CI \u2014 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u062f\u0641\u0639 \u0627\u0644\u0645\u0628\u0627\u0634\u0631\u0629 \u0625\u0644\u0649 \u0627\u0644\u0641\u0631\u0648\u0639 \u063a\u064a\u0631 \u0627\u0644\u0645\u062d\u0645\u064a\u0629 \u0623\u0648 \u0639\u0645\u0644\u064a\u0627\u062a force push \u0642\u062f \u062a\u062a\u062e\u0637\u0627\u0647\u0627.<\/li>\n
- Push protection<\/strong> \u062a\u0643\u062a\u0634\u0641 \u0641\u0642\u0637 \u0623\u0646\u0645\u0627\u0637 \u0627\u0644\u0645\u0632\u0648\u062f\u064a\u0646 \u0627\u0644\u0645\u0639\u0631\u0648\u0641\u064a\u0646 \u2014 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629 \u0627\u0644\u0645\u062e\u0635\u0635\u0629 \u063a\u064a\u0631 \u0645\u0634\u0645\u0648\u0644\u0629.<\/li>\n
- \u0627\u0644\u0641\u062d\u0648\u0635\u0627\u062a \u0628\u0639\u062f \u0627\u0644\u062f\u0645\u062c<\/strong> \u062a\u0641\u0627\u0639\u0644\u064a\u0629 \u2014 \u062a\u062c\u062f \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0628\u0639\u062f \u0623\u0646 \u062a\u0643\u0648\u0646 \u0628\u0627\u0644\u0641\u0639\u0644 \u0641\u064a \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/li>\n<\/ul>\n
\u0643\u0644 \u0637\u0628\u0642\u0629 \u062a\u0639\u0648\u0651\u0636 \u0646\u0642\u0627\u0637 \u0636\u0639\u0641 \u0627\u0644\u0637\u0628\u0642\u0627\u062a \u0627\u0644\u0623\u062e\u0631\u0649. \u0645\u0639\u0627\u064b\u060c \u062a\u064f\u0646\u0634\u0626 \u0646\u0638\u0627\u0645\u0627\u064b \u062d\u064a\u062b \u064a\u062d\u062a\u0627\u062c \u0627\u0644\u0633\u0631 \u0625\u0644\u0649 \u062a\u062c\u0627\u0648\u0632 \u062c\u0645\u064a\u0639 \u0627\u0644\u0637\u0628\u0642\u0627\u062a \u0627\u0644\u062e\u0645\u0633 \u0644\u064a\u0645\u0631 \u062f\u0648\u0646 \u0627\u0643\u062a\u0634\u0627\u0641.<\/p>\n
\u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0627\u0644\u0645\u064f\u062f\u0645\u062c: \u0641\u062d\u0635 PR \u0648\u0627\u0644\u0641\u062d\u0635 \u0627\u0644\u0623\u0633\u0628\u0648\u0639\u064a \u0627\u0644\u0634\u0627\u0645\u0644<\/h3>\n
\u0625\u0644\u064a\u0643 \u0633\u064a\u0631 \u0639\u0645\u0644 GitHub Actions \u0645\u064f\u062f\u0645\u062c \u064a\u064f\u0634\u063a\u0651\u0644 gitleaks \u0639\u0644\u0649 \u0643\u0644 PR \u0648\u064a\u064f\u062c\u0631\u064a \u0641\u062d\u0635\u0627\u064b \u0634\u0627\u0645\u0644\u0627\u064b \u0644\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u0623\u0633\u0628\u0648\u0639\u064a\u0627\u064b:<\/p>\n
name: Secret Scanning (Multi-Layer)\n\non:\n push:\n branches: [main, develop]\n pull_request:\n branches: [main]\n schedule:\n # Full repository scan every Monday at 6:00 AM UTC\n - cron: '0 6 * * 1'\n\njobs:\n # Layer 2: PR and push scanning\n gitleaks-pr-scan:\n name: gitleaks PR Scan\n runs-on: ubuntu-latest\n if: github.event_name == 'push' || github.event_name == 'pull_request'\n steps:\n - name: Checkout code\n uses: actions\/checkout@v4\n with:\n fetch-depth: 0\n\n - name: Run gitleaks (diff scan)\n uses: gitleaks\/gitleaks-action@v2\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\n # Layer 4: Weekly deep scan with truffleHog\n trufflehog-full-scan:\n name: truffleHog Full Repository Scan\n runs-on: ubuntu-latest\n if: github.event_name == 'schedule'\n steps:\n - name: Checkout code\n uses: actions\/checkout@v4\n with:\n fetch-depth: 0\n\n - name: Install truffleHog\n run: pip install trufflehog\n\n - name: Run truffleHog (full scan with verification)\n run: |\n trufflehog git file:\/\/. --fail --json > trufflehog-results.json || true\n if [ -s trufflehog-results.json ]; then\n echo \"::error::Secrets detected in repository. See trufflehog-results.json.\"\n cat trufflehog-results.json | python -m json.tool\n exit 1\n fi\n\n - name: Upload scan results\n if: always()\n uses: actions\/upload-artifact@v4\n with:\n name: trufflehog-results\n path: trufflehog-results.json\n retention-days: 90\n<\/code><\/pre>\n\u064a\u0636\u0645\u0646 \u0633\u064a\u0631 \u0627\u0644\u0639\u0645\u0644 \u0647\u0630\u0627 \u0623\u0646 \u0643\u0644 \u062a\u063a\u064a\u064a\u0631 \u0641\u064a \u0627\u0644\u0643\u0648\u062f \u064a\u062a\u0645 \u0641\u062d\u0635\u0647 \u0641\u064a \u0627\u0644\u0648\u0642\u062a \u0627\u0644\u0641\u0639\u0644\u064a\u060c \u0648\u064a\u062a\u0645 \u062a\u062f\u0642\u064a\u0642 \u0633\u062c\u0644 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u0628\u0627\u0644\u0643\u0627\u0645\u0644 \u0623\u0633\u0628\u0648\u0639\u064a\u0627\u064b \u0628\u062d\u062b\u0627\u064b \u0639\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062a\u064a \u0642\u062f \u062a\u0643\u0648\u0646 \u0641\u064f\u0648\u0650\u0651\u062a\u062a.<\/p>\n
\u0627\u0644\u062a\u0646\u0638\u064a\u0641<\/h2>\n
\u0628\u0639\u062f \u0625\u0643\u0645\u0627\u0644 \u0627\u0644\u0645\u062e\u062a\u0628\u0631\u060c \u0623\u0632\u0644 \u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0648\u0623\u0639\u062f \u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639:<\/p>\n
# Remove test files with secrets\nrm -f .env deploy.py config.yml Dockerfile internal-config.py\n\n# Remove test configurations (optional \u2014 keep if you want to reuse them)\n# rm -f .gitleaks.toml .pre-commit-config.yaml\n\n# Commit the cleanup\ngit add -A\ngit commit -m \"Remove test secrets from lab exercises\"\n\n# If you want to completely remove secrets from Git history,\n# use git-filter-repo (more thorough than git filter-branch):\npip install git-filter-repo\ngit filter-repo --invert-paths --path deploy.py --path .env --path config.yml --path Dockerfile\n<\/code><\/pre>\n\u0645\u0647\u0645:<\/strong> \u0645\u062c\u0631\u062f \u062d\u0630\u0641 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0644\u0627 \u064a\u0632\u064a\u0644\u0647\u0627 \u0645\u0646 \u0633\u062c\u0644 Git. \u0623\u064a \u0634\u062e\u0635 \u0644\u062f\u064a\u0647 \u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639 \u064a\u0645\u0643\u0646\u0647 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0641\u064a \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0640 commit \u0627\u0644\u0633\u0627\u0628\u0642\u0629. \u0627\u0633\u062a\u062e\u062f\u0645 git-filter-repo<\/code> \u0644\u0625\u0639\u0627\u062f\u0629 \u0643\u062a\u0627\u0628\u0629 \u0627\u0644\u0633\u062c\u0644 \u0648\u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0646\u0647\u0627\u0626\u064a\u0627\u064b. \u0628\u0639\u062f \u0625\u0639\u0627\u062f\u0629 \u0643\u062a\u0627\u0628\u0629 \u0627\u0644\u0633\u062c\u0644\u060c \u0642\u0645 \u0628\u0639\u0645\u0644 force-push \u0625\u0644\u0649 \u0627\u0644\u062e\u0627\u062f\u0645 \u0627\u0644\u0628\u0639\u064a\u062f \u0648\u0627\u0637\u0644\u0628 \u0645\u0646 \u062c\u0645\u064a\u0639 \u0627\u0644\u0645\u062a\u0639\u0627\u0648\u0646\u064a\u0646 \u0625\u0639\u0627\u062f\u0629 \u0627\u0633\u062a\u0646\u0633\u0627\u062e \u0627\u0644\u0645\u0633\u062a\u0648\u062f\u0639.<\/p>\n\u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629<\/h2>\n\n- \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0641\u064a CI\/CD \u0647\u064a \u0623\u0643\u062b\u0631 \u0645\u062a\u062c\u0647\u0627\u062a \u0627\u0644\u0647\u062c\u0648\u0645 \u0634\u064a\u0648\u0639\u0627\u064b \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628.<\/strong> \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0648\u0627\u062d\u062f\u0629 \u0645\u0633\u0631\u0651\u0628\u0629 \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0645\u0646\u062d \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0648\u0635\u0648\u0644\u0627\u064b \u0643\u0627\u0645\u0644\u0627\u064b \u0625\u0644\u0649 \u0628\u0646\u064a\u0629 \u0627\u0644\u0625\u0646\u062a\u0627\u062c \u0627\u0644\u062a\u062d\u062a\u064a\u0629.<\/li>\n
- Pre-commit hooks \u0645\u0639 gitleaks \u062a\u0648\u0641\u0631 \u0623\u0633\u0631\u0639 \u062d\u0644\u0642\u0629 \u062a\u063a\u0630\u064a\u0629 \u0631\u0627\u062c\u0639\u0629.<\/strong> \u064a\u062a\u0645 \u062a\u0646\u0628\u064a\u0647 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0641\u0648\u0631\u0627\u064b\u060c \u0642\u0628\u0644 \u0623\u0646 \u064a\u062f\u062e\u0644 \u0627\u0644\u0633\u0631 \u0625\u0644\u0649 \u0633\u062c\u0644 Git.<\/li>\n
- \u0627\u0644\u0641\u062d\u0635 \u062f\u0627\u062e\u0644 \u0627\u0644\u0623\u0646\u0628\u0648\u0628 \u0647\u0648 \u0637\u0628\u0642\u0629 \u0625\u0646\u0641\u0627\u0630 \u0625\u0644\u0632\u0627\u0645\u064a\u0629.<\/strong> \u0644\u0627 \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u062a\u062c\u0627\u0648\u0632\u0647\u0627 \u0648\u062a\u0636\u0645\u0646 \u0639\u062f\u0645 \u062f\u0645\u062c \u0623\u064a \u0637\u0644\u0628 \u0633\u062d\u0628 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0623\u0633\u0631\u0627\u0631.<\/li>\n
- \u0642\u062f\u0631\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0641\u064a truffleHog \u062a\u0642\u0644\u0644 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0627\u0644\u0625\u064a\u062c\u0627\u0628\u064a\u0629 \u0627\u0644\u0643\u0627\u0630\u0628\u0629 \u0628\u0634\u0643\u0644 \u0643\u0628\u064a\u0631.<\/strong> \u0627\u0633\u062a\u062e\u062f\u0645\u0647 \u0644\u0644\u0641\u062d\u0648\u0635\u0627\u062a \u0627\u0644\u0639\u0645\u064a\u0642\u0629 \u0627\u0644\u0645\u062c\u062f\u0648\u0644\u0629 \u062d\u064a\u062b \u062a\u0647\u0645 \u0627\u0644\u062f\u0642\u0629 \u0623\u0643\u062b\u0631 \u0645\u0646 \u0627\u0644\u0633\u0631\u0639\u0629.<\/li>\n
- GitHub push protection \u0648\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0634\u0631\u0643\u0627\u0621 \u064a\u0636\u064a\u0641\u0627\u0646 \u062f\u0641\u0627\u0639\u0627\u064b \u0639\u0644\u0649 \u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0645\u0646\u0635\u0629<\/strong> \u064a\u0639\u0645\u0644 \u062f\u0648\u0646 \u0623\u064a \u0625\u0639\u062f\u0627\u062f \u0641\u064a \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0643.<\/li>\n
- \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0643\u0634\u0641 \u0627\u0644\u0645\u062e\u0635\u0635\u0629 \u0636\u0631\u0648\u0631\u064a\u0629<\/strong> \u0644\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0627\u0644\u0645\u0624\u0633\u0633\u0629 \u0627\u0644\u062a\u064a \u0633\u062a\u0641\u0648\u062a\u0647\u0627 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0627\u0644\u0642\u064a\u0627\u0633\u064a\u0629. \u0627\u0633\u062a\u062b\u0645\u0631 \u0627\u0644\u0648\u0642\u062a \u0641\u064a \u0643\u062a\u0627\u0628\u0629 \u0642\u0648\u0627\u0639\u062f \u0644\u062a\u0646\u0633\u064a\u0642\u0627\u062a \u0645\u0641\u0627\u062a\u064a\u062d\u0643 \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629.<\/li>\n
- \u0627\u0644\u062f\u0641\u0627\u0639 \u0627\u0644\u0645\u062a\u0639\u0645\u0642 \u0647\u0648 \u0627\u0644\u0627\u0633\u062a\u0631\u0627\u062a\u064a\u062c\u064a\u0629 \u0627\u0644\u0645\u0648\u062b\u0648\u0642\u0629 \u0627\u0644\u0648\u062d\u064a\u062f\u0629.<\/strong> \u0644\u0627 \u062a\u0648\u062c\u062f \u0623\u062f\u0627\u0629 \u0623\u0648 \u0637\u0628\u0642\u0629 \u0648\u0627\u062d\u062f\u0629 \u062a\u0643\u062a\u0634\u0641 \u0643\u0644 \u0634\u064a\u0621. \u0627\u062c\u0645\u0639 \u0628\u064a\u0646 pre-commit \u0648\u0627\u0644\u0641\u062d\u0635 \u062f\u0627\u062e\u0644 \u0627\u0644\u0623\u0646\u0628\u0648\u0628 \u0648push protection \u0648\u0627\u0644\u0641\u062d\u0648\u0635\u0627\u062a \u0627\u0644\u0645\u062c\u062f\u0648\u0644\u0629 \u0648\u0645\u0631\u0627\u0642\u0628\u0629 \u0648\u0642\u062a \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0644\u0644\u062a\u063a\u0637\u064a\u0629 \u0627\u0644\u0634\u0627\u0645\u0644\u0629.<\/li>\n<\/ul>\n
\u0627\u0644\u062e\u0637\u0648\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629<\/h2>\n
\u0627\u0644\u0622\u0646 \u0628\u0639\u062f \u0623\u0646 \u0623\u0635\u0628\u062d \u0628\u0625\u0645\u0643\u0627\u0646\u0643 \u0627\u0643\u062a\u0634\u0627\u0641 \u0648\u0645\u0646\u0639 \u062a\u0633\u0631\u064a\u0628 \u0627\u0644\u0623\u0633\u0631\u0627\u0631\u060c \u0627\u0644\u062e\u0637\u0648\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629 \u0647\u064a \u0625\u0632\u0627\u0644\u0629 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0627\u0644\u0645\u0636\u0645\u0646\u0629 \u0641\u064a \u0627\u0644\u0643\u0648\u062f \u0628\u0627\u0644\u0643\u0627\u0645\u0644 \u0645\u0646 \u062e\u0644\u0627\u0644 \u062a\u0628\u0646\u064a \u0625\u062f\u0627\u0631\u0629 \u0623\u0633\u0631\u0627\u0631 \u0635\u062d\u064a\u062d\u0629:<\/p>\n
\n- \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0641\u064a \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD<\/a> \u2014 \u062a\u0639\u0644\u0645 \u0643\u064a\u0641\u064a\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 HashiCorp Vault \u0648AWS Secrets Manager \u0648\u0645\u062e\u0627\u0632\u0646 \u0623\u0633\u0631\u0627\u0631 CI\/CD \u0627\u0644\u0623\u0635\u0644\u064a\u0629 \u0644\u062d\u0642\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0641\u064a \u0648\u0642\u062a \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u062f\u0648\u0646 \u062a\u062e\u0632\u064a\u0646\u0647\u0627 \u0641\u064a \u0627\u0644\u0643\u0648\u062f.<\/li>\n
- \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0642\u0635\u064a\u0631\u0629 \u0627\u0644\u0623\u062c\u0644 \u0648Workload Identity Federation<\/a> \u2014 \u062a\u062e\u0644\u0635 \u0645\u0646 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0637\u0648\u064a\u0644\u0629 \u0627\u0644\u0623\u062c\u0644 \u0646\u0647\u0627\u0626\u064a\u0627\u064b \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 OIDC-based workload identity federation \u0644\u0645\u0635\u0627\u062f\u0642\u0629 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628 \u0645\u0639 \u0645\u0632\u0648\u062f\u064a \u0627\u0644\u0633\u062d\u0627\u0628\u0629 \u062f\u0648\u0646 \u0623\u064a \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0639\u062a\u0645\u0627\u062f \u0645\u064f\u062e\u0632\u0651\u0646\u0629.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
\u0646\u0638\u0631\u0629 \u0639\u0627\u0645\u0629 \u062a\u0633\u0631\u064a\u0628 \u0627\u0644\u0623\u0633\u0631\u0627\u0631 \u0641\u064a \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD \u0647\u0648 \u0627\u0644\u0633\u0628\u0628 \u0627\u0644\u0623\u0648\u0644 \u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u0646\u0627\u0628\u064a\u0628. \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0627\u0639\u062a\u0645\u0627\u062f \u0627\u0644\u0645\u0643\u0634\u0648\u0641\u0629 \u2014 \u0645\u0641\u0627\u062a\u064a\u062d API\u060c \u0648\u0643\u0644\u0645\u0627\u062a \u0645\u0631\u0648\u0631 \u0642\u0648\u0627\u0639\u062f \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a\u060c \u0648\u0631\u0645\u0648\u0632 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0627\u0644\u0633\u062d\u0627\u0628\u0629 \u2014 \u062a\u0645\u0646\u062d \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0645\u0633\u0627\u0631\u0627\u064b \u0645\u0628\u0627\u0634\u0631\u0627\u064b \u0625\u0644\u0649 \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0625\u0646\u062a\u0627\u062c. \u0648\u0641\u0642\u0627\u064b \u0644\u062a\u0642\u0631\u064a\u0631 GitGuardian \u0644\u0639\u0627\u0645 2025 \u062d\u0648\u0644 \u062d\u0627\u0644\u0629 \u0627\u0646\u062a\u0634\u0627\u0631 \u0627\u0644\u0623\u0633\u0631\u0627\u0631\u060c \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0623\u0643\u062b\u0631 \u0645\u0646 12 \u0645\u0644\u064a\u0648\u0646 \u0633\u0631 \u062c\u062f\u064a\u062f \u0641\u064a \u0639\u0645\u0644\u064a\u0627\u062a commit \u0627\u0644\u0639\u0627\u0645\u0629 … \u0627\u0642\u0631\u0623 \u0627\u0644\u0645\u0632\u064a\u062f<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,67,28],"tags":[],"post_folder":[],"class_list":["post-808","post","type-post","status-publish","format-standard","hentry","category-ci-cd-security","category-labs","category-pipeline-hardening"],"_links":{"self":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/comments?post=808"}],"version-history":[{"count":0,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/808\/revisions"}],"wp:attachment":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/media?parent=808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/categories?post=808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/tags?post=808"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/post_folder?post=808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}