De-slop: remove every em-dash + banned words across all modules + capstone (#94)
Sync course wiki / sync-wiki (push) Successful in 4s
Co-authored-by: claude <claude@jpaul.io> Co-committed-by: claude <claude@jpaul.io>
This commit was merged in pull request #94.
@@ -1,12 +1,12 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# security-scan.sh — the security gate for tasks-app (Module 15).
|
||||
# security-scan.sh: the security gate for tasks-app (Module 15).
|
||||
#
|
||||
# Runs two scanners and exits non-zero if EITHER finds something. That non-zero exit is what turns
|
||||
# a CI run red (Module 14). One script, two homes: run it by hand for fast local feedback, and call
|
||||
# it from the pipeline so the same definition of "a finding" enforces the merge.
|
||||
#
|
||||
# These two tools (pip-audit, detect-secrets) are concrete examples of their categories — SCA and
|
||||
# These two tools (pip-audit, detect-secrets) are concrete examples of their categories, SCA and
|
||||
# secret scanning. Swap in any equivalent; keep the contract the same: scan, print, fail on findings.
|
||||
#
|
||||
# Usage: ./security-scan.sh
|
||||
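Review bot: In the rewritten line about pip-audit and detect-secrets, the comma in "their categories, SCA and secret scanning" reads as the start of a list rather than as naming the two categories. A colon ("their categories: SCA and secret scanning") would keep the meaning the dash carried, and it matches the colon the reworded header line "security-scan.sh: the security gate" already uses for the same job.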
@@ -30,7 +30,7 @@ if [ -f requirements.txt ]; then
|
||||
status=1
|
||||
fi
|
||||
else
|
||||
echo "(no requirements.txt found — skipping SCA)"
|
||||
echo "(no requirements.txt found; skipping SCA)"
|
||||
fi
|
||||
|
||||
echo
|
||||
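Review bot: The else branch at the reworded echo only prints "(no requirements.txt found; skipping SCA)" and leaves status untouched, so a missing or renamed requirements.txt lets Gate 1 pass without scanning anything, which is at odds with the fail-closed rule the Gate 2 comment states. If tasks-app is always expected to ship a requirements.txt, set status=1 in this branch; if the skip is intentional, say so in the header comment so the two gates' behaviour on "couldn't tell" is documented side by side.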
@@ -38,7 +38,7 @@ echo "=== Gate 2: secret scan (detect-secrets) ==="
|
||||
# detect-secrets prints a JSON report of any secrets it finds. NOTE: with no path it scans the files
|
||||
# git TRACKS, so stage the starter files (`git add`) before running this, or an untracked file is
|
||||
# invisible to the gate. We parse the JSON with `python3` (no jq dependency) and fail CLOSED: the
|
||||
# parser returns 0=secrets found, 1=clean, anything else=couldn't tell — and "couldn't tell" must
|
||||
# parser returns 0=secrets found, 1=clean, anything else=couldn't tell; "couldn't tell" must
|
||||
# count as a failure, never a silent pass.
|
||||
report="$(detect-secrets scan)"
|
||||
printf '%s' "$report" | python3 -c 'import sys, json
|
||||
|
||||
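Review bot: At `report="$(detect-secrets scan)"` the scanner's own exit status is not checked in the visible lines, so the fail-closed behaviour the comment promises rests entirely on the python3 parser rejecting an empty or partial report. Consider `report="$(detect-secrets scan)" || status=1` so a scanner that fails to run is recorded as a failure before any parsing happens. The comment could also note that "0=secrets found, 1=clean" is the reverse of the usual shell convention, since a reader wiring the parser into an if statement is likely to get the branches backwards.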