Add python example for signature validation on secret scanning notifications #18776

Open
wants to merge 1 commit into
base: main

@ckuethe ckuethe commented Jun 22, 2022

Why:

The secret scanning workflow documentation (https://docs.github.com/en/enterprise-cloud@latest/developers/overview/secret-scanning-partner-program#implement-signature-verification-in-your-secret-alert-service) doesn't have example validation in python. I found at least two other people asking about how to do this in python with no answers.

Fixes #18778

What's being changed:

Added two different ways to validate the signature; one uses Cryptodome (https://pycryptodome.readthedocs.io/en/latest/) and the other uses python-ecdsa (https://github.com/tlsfuzzer/python-ecdsa)

Check off the following:

  • I have reviewed my changes in staging (look for "Automatically generated comment" and click Modified to view your latest changes).
  • For content changes, I have completed the self-review checklist.

Writer impact (This section is for GitHub staff members only):

  • This pull request impacts the contribution experience
    • I have added the 'writer impact' label
    • I have added a description and/or a video demo of the changes below (e.g. a "before and after video")

Actually, there are two different ways to validate the signature; one uses Cryptodome (https://pycryptodome.readthedocs.io/en/latest/) and the other uses python-ecdsa (https://github.com/tlsfuzzer/python-ecdsa)

@welcome welcome bot commented Jun 22, 2022

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage label Jun 22, 2022

@github-actions github-actions bot (Contributor) commented Jun 22, 2022

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.


Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

| Source | Preview | Production | What Changed |
| --- | --- | --- | --- |
| developers/overview/secret-scanning-partner-program.md | fpt, ghec | fpt, ghec | |

@janiceilene janiceilene added content waiting for review secret scanning and removed triage labels Jun 28, 2022

@janiceilene janiceilene (Collaborator) commented Jun 28, 2022

@ckuethe Thanks so much for opening a PR! I'll get this triaged for review

Labels
content secret scanning waiting for review
2 participants