
Commit 7100780

Merge pull request #25 from leftrightleft/main
Secret Scanning Dashboard
2 parents 4a4706d + 8c4644e commit 7100780

4 files changed

+155
-2
lines changed


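--- a/github_app_for_splunk/default/data/ui/nav/default.xml
+++ b/github_app_for_splunk/default/data/ui/nav/default.xml
@@ -11,6 +11,7 @@
 <collection label="Advanced Security">
 <view name="security_alert_overview" />
 <view name="code_scanning_overview" />
+<view name="secret_scanning_overview" />
 </collection>
 <collection label="Developer Insights">
 <view name="value_stream_analytics" />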
Lines changed: 148 additions & 0 deletions
@@ -0,0 +1,148 @@
1+
<form>
2+
<label>Secret Scanning Alerts</label>
3+
<search id="baseSearch">
4+
<query>
5+
`github_webhooks` eventtype="GitHub::SecretScanning" | eval action='action', enterprise=if(isnotnull('enterprise.name'),'enterprise.name','unknown'), organization=if(isnotnull('organization.login'),'organization.login','unknown'), repository=if(isnotnull('repository.name'),'repository.name','unknown'), secret_type=if(isnotnull('alert.secret_type'),'alert.secret_type','unknown'), resolution=if(isnotnull('alert.resolution'),'alert.resolution','unknown'), resolved_at=if(isnotnull('alert.resolved_at'),'alert.resolved_at','unknown'), resolved_by=if(isnotnull('alert.resolved_by.login'),'alert.resolved_by.login','unknown')
6+
</query>
7+
<earliest>$timeTkn.earliest$</earliest>
8+
<latest>$timeTkn.latest$</latest>
9+
<sampleRatio>1</sampleRatio>
10+
</search>
11+
<fieldset submitButton="false" autoRun="true">
12+
<input type="time" token="timeTkn" searchWhenChanged="true">
13+
<label>Time Range</label>
14+
<default>
15+
<earliest>-24h@h</earliest>
16+
<latest>now</latest>
17+
</default>
18+
</input>
19+
<input type="multiselect" token="secret_type" searchWhenChanged="true">
20+
<label>Secret Type</label>
21+
<fieldForLabel>secret_type</fieldForLabel>
22+
<fieldForValue>secret_type</fieldForValue>
23+
<valuePrefix>"</valuePrefix>
24+
<valueSuffix>"</valueSuffix>
25+
<search base="baseSearch">
26+
<query>| table secret_type | dedup secret_type</query>
27+
</search>
28+
<choice value="*">All</choice>
29+
<default>*</default>
30+
<initialValue>*</initialValue>
31+
</input>
32+
<input type="multiselect" token="orgTkn" searchWhenChanged="true">
33+
<label>Organization</label>
34+
<choice value="*">All</choice>
35+
<default>*</default>
36+
<initialValue>*</initialValue>
37+
<valuePrefix>"</valuePrefix>
38+
<valueSuffix>"</valueSuffix>
39+
<delimiter>,</delimiter>
40+
<fieldForLabel>organization</fieldForLabel>
41+
<fieldForValue>organization</fieldForValue>
42+
<search base="baseSearch">
43+
<query>| dedup organization | table organization</query>
44+
</search>
45+
</input>
46+
<input type="multiselect" token="repoTkn" searchWhenChanged="true">
47+
<label>Repositories</label>
48+
<choice value="*">All</choice>
49+
<default>*</default>
50+
<initialValue>*</initialValue>
51+
<valuePrefix>"</valuePrefix>
52+
<valueSuffix>"</valueSuffix>
53+
<delimiter>,</delimiter>
54+
<fieldForLabel>repository</fieldForLabel>
55+
<fieldForValue>repository</fieldForValue>
56+
<search base="baseSearch">
57+
<query>| dedup repository | table repository</query>
58+
</search>
59+
</input>
60+
</fieldset>
61+
<row>
62+
<panel>
63+
<single>
64+
<title>Found Secrets</title>
65+
<search base="baseSearch">
66+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="created" | stats count</query>
67+
</search>
68+
<option name="drilldown">none</option>
69+
<option name="height">150</option>
70+
<option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
71+
<option name="refresh.display">progressbar</option>
72+
</single>
73+
</panel>
74+
<panel>
75+
<single>
76+
<title>Fixed Secrets</title>
77+
<search base="baseSearch">
78+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="resolved" | stats count</query>
79+
</search>
80+
<option name="drilldown">none</option>
81+
<option name="height">150</option>
82+
<option name="refresh.display">progressbar</option>
83+
</single>
84+
</panel>
85+
<panel>
86+
<chart>
87+
<title>Secret Types</title>
88+
<search base="baseSearch">
89+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | chart count by secret_type</query>
90+
</search>
91+
<option name="charting.chart">pie</option>
92+
<option name="charting.drilldown">none</option>
93+
<option name="height">175</option>
94+
</chart>
95+
</panel>
96+
<panel>
97+
<chart>
98+
<title>Secrets Found/Fixed Ratio</title>
99+
<search base="baseSearch">
100+
<query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ (action=created OR action=resolved)
101+
| timechart count(_raw) by action
102+
| accum created
103+
| accum resolved
104+
| rename created as "Found"
105+
| rename resolved as "Fixed"</query>
106+
</search>
107+
<option name="charting.axisTitleX.visibility">collapsed</option>
108+
<option name="charting.chart">line</option>
109+
<option name="charting.drilldown">none</option>
110+
<option name="refresh.display">progressbar</option>
111+
<option name="height">175</option>
112+
</chart>
113+
</panel>
114+
</row>
115+
<row>
116+
<panel>
117+
<table>
118+
<title>Fixed Secrets</title>
119+
<search base="baseSearch">
120+
<query> | search action=resolved repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, resolution, resolved_by, _time
121+
| rename secret_type as "Secret Type"
122+
| rename organization as "Organization"
123+
| rename repository as "Repository"
124+
| rename resolution as "Resolution"
125+
| rename resolved_by as "Resolved By"
126+
</query>
127+
</search>
128+
<option name="drilldown">none</option>
129+
</table>
130+
</panel>
131+
</row>
132+
<row>
133+
<panel>
134+
<table>
135+
<title>Found Secrets</title>
136+
<search base="baseSearch">
137+
<query> | search action=created repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, action, _time
138+
| rename secret_type as "Secret Type"
139+
| rename organization as "Organization"
140+
| rename repository as "Repository"
141+
| rename action as "Action"
142+
</query>
143+
</search>
144+
<option name="drilldown">none</option>
145+
</table>
146+
</panel>
147+
</row>
148+
</form>
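Review bot: The `secret_type` multiselect (new-side lines 19–31) has no `<delimiter>` element, while `orgTkn` and `repoTkn` use `,`, and none of the three joins selections with a boolean OR: picking two secret types expands `secret_type=$secret_type$` in the panel searches to `secret_type="a" "b"`, which the search command reads as a field match on `a` AND a raw-text term `b`, so the Found/Fixed counts silently narrow instead of widening, and as far as I can tell the `,` delimiter on the other two inputs does not yield an OR either. The usual form is to move the field name into the prefix and join on OR — `<valuePrefix>secret_type="</valuePrefix>`, `<delimiter> OR </delimiter>` — and reference the token as `($secret_type$)` in each panel query, applied likewise to `orgTkn` and `repoTkn`. The `Secrets Found/Fixed Ratio` chart accumulates every `created` and `resolved` event rather than distinct alerts, so a `<description>` on that panel stating that the series are event counts, not alert counts, would keep readers from treating it as a backlog figure.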

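--- a/github_app_for_splunk/default/data/ui/views/welcome_page.xml
+++ b/github_app_for_splunk/default/data/ui/views/welcome_page.xml
@@ -63,7 +63,8 @@
 Open Source repositories and customers of GitHub Advanced Security have access to application security tooling such as Code Scanning, Secret Scanning, and Dependency Review.
 <ol>
 <li>The <a href="security_alert_overview"> Advanced Security Overview</a> dashboard gives insight into the security posture of your GitHub Organization</li>
-<li>The <a href="code_scanning_overview"> Code Scanning</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
+<li>The <a href="code_scanning_overview"> Code Scanning Alerts</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
+<li>The <a href="secret_scanning_overview"> Secret Scanning Alerts</a> dashboard provides visibility into secrets like API keys and personal access tokens that have been checked into your repositories</li>
 </ol>
 </p>
 </div>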

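--- a/github_app_for_splunk/default/eventtypes.conf
+++ b/github_app_for_splunk/default/eventtypes.conf
@@ -14,7 +14,7 @@ search = `github_webhooks` action IN ("submitted","edited","dismissed") pull_req
 search = `github_webhooks` after=* before=* "commits{}.id"=* ref=* "pusher.name"=*
 
 [GitHub::Repo]
-search = `github_webhooks` action IN ("created","deleted","archived","unarchived","edited","renamed","transferred","publicized","privatized") "repository.name"=* NOT "pull_request.id"=* NOT "project_card.id"=* NOT "project.number"=* NOT "project_column.id"=* NOT "check_run.id"=*
+search = `github_webhooks` action IN ("created","deleted","archived","unarchived","edited","renamed","transferred","publicized","privatized") "repository.name"=* NOT "pull_request.id"=* NOT "project_card.id"=* NOT "project.number"=* NOT "project_column.id"=* NOT "check_run.id"=* NOT "alert.created_at"=* NOT "alert.number"=*
 
 [GitHub::Project]
 search = `github_webhooks` action IN ("created","edited","closed","reopenend","deleted") "project.number"=*
@@ -31,6 +31,9 @@ search = `github_webhooks` action IN ("queued","created","started","completed")
 [GitHub::CodeScanning]
 search = `github_webhooks` action IN ("appeared_in_branch", "closed_by_user", "created", "fixed", "reopened", "reopened_by_user") "alert.created_at"=*
 
+[GitHub::SecretScanning]
+search = `github_webhooks` action IN ("created", "resolved") "alert.secret_type"=*
+
 [GitHub::VulnerabilityAlert]
 search = `github_webhooks` action IN ("create", "dismiss", "resolve") "alert.external_identifier"=*
 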
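Review bot: The new `[GitHub::SecretScanning]` stanza (new-side line 35) most likely overlaps with `[GitHub::CodeScanning]` two lines above it: the first hunk's new `NOT "alert.created_at"=* NOT "alert.number"=*` exclusions on `[GitHub::Repo]` imply that secret scanning alert payloads carry `alert.created_at`, so a secret scanning `action="created"` event would satisfy the CodeScanning search too and be counted on both dashboards. The CodeScanning search should get the matching guard, `... "alert.created_at"=* NOT "alert.secret_type"=*`, so the two eventtypes partition the alert webhooks instead of double-counting. Separately, the action list `("created", "resolved")` omits the `reopened` secret scanning alert action, so an alert that is resolved and later reopened stays counted as fixed in the dashboard's accumulated totals; adding `"reopened"` here (and handling it in the view) would keep the Found/Fixed series honest.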