feat: add secret scanning dashboard

leftrightleft · web-flow · commit 8c4644e4fe32 · 2021-12-21T18:01:41.000Z
diff --git a/github_app_for_splunk/default/data/ui/nav/default.xml b/github_app_for_splunk/default/data/ui/nav/default.xml
@@ -11,6 +11,7 @@
   <collection label="Advanced Security">
     <view name="security_alert_overview" />
     <view name="code_scanning_overview" />
+    <view name="secret_scanning_overview" />
   </collection>
   <collection label="Developer Insights">
     <view name="value_stream_analytics" />
diff --git a/github_app_for_splunk/default/data/ui/views/secret_scanning_overview.xml b/github_app_for_splunk/default/data/ui/views/secret_scanning_overview.xml
@@ -0,0 +1,148 @@
+<form>
+  <label>Secret Scanning Alerts</label>
+  <search id="baseSearch">
+    <query>
+      `github_webhooks` eventtype="GitHub::SecretScanning" | eval action='action', enterprise=if(isnotnull('enterprise.name'),'enterprise.name','unknown'), organization=if(isnotnull('organization.login'),'organization.login','unknown'), repository=if(isnotnull('repository.name'),'repository.name','unknown'), secret_type=if(isnotnull('alert.secret_type'),'alert.secret_type','unknown'), resolution=if(isnotnull('alert.resolution'),'alert.resolution','unknown'), resolved_at=if(isnotnull('alert.resolved_at'),'alert.resolved_at','unknown'), resolved_by=if(isnotnull('alert.resolved_by.login'),'alert.resolved_by.login','unknown')
+    </query>
+    <earliest>$timeTkn.earliest$</earliest>
+    <latest>$timeTkn.latest$</latest>
+    <sampleRatio>1</sampleRatio>
+  </search>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="time" token="timeTkn" searchWhenChanged="true">
+      <label>Time Range</label>
+      <default>
+        <earliest>-24h@h</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+    <input type="multiselect" token="secret_type" searchWhenChanged="true">
+      <label>Secret Type</label>
+      <fieldForLabel>secret_type</fieldForLabel>
+      <fieldForValue>secret_type</fieldForValue>
+      <valuePrefix>"</valuePrefix>
+      <valueSuffix>"</valueSuffix>
+      <search base="baseSearch">
+        <query>| table secret_type | dedup secret_type</query>
+      </search>
+      <choice value="*">All</choice>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="multiselect" token="orgTkn" searchWhenChanged="true">
+      <label>Organization</label>
+      <choice value="*">All</choice>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <valuePrefix>"</valuePrefix>
+      <valueSuffix>"</valueSuffix>
+      <delimiter>,</delimiter>
+      <fieldForLabel>organization</fieldForLabel>
+      <fieldForValue>organization</fieldForValue>
+      <search base="baseSearch">
+        <query>| dedup organization | table organization</query>
+      </search>
+    </input>
+    <input type="multiselect" token="repoTkn" searchWhenChanged="true">
+      <label>Repositories</label>
+      <choice value="*">All</choice>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <valuePrefix>"</valuePrefix>
+      <valueSuffix>"</valueSuffix>
+      <delimiter>,</delimiter>
+      <fieldForLabel>repository</fieldForLabel>
+      <fieldForValue>repository</fieldForValue>
+      <search base="baseSearch">
+        <query>| dedup repository | table repository</query>
+      </search>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <single>
+        <title>Found Secrets</title>
+        <search base="baseSearch">
+          <query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="created" | stats count</query>
+        </search>
+        <option name="drilldown">none</option>
+        <option name="height">150</option>
+        <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
+        <option name="refresh.display">progressbar</option>
+      </single>
+    </panel>
+    <panel>
+      <single>
+        <title>Fixed Secrets</title>
+        <search base="baseSearch">
+          <query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ action="resolved" | stats count</query>
+        </search>
+        <option name="drilldown">none</option>
+        <option name="height">150</option>
+        <option name="refresh.display">progressbar</option>
+      </single>
+    </panel>
+    <panel>
+      <chart>
+        <title>Secret Types</title>
+        <search base="baseSearch">
+          <query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | chart count by secret_type</query>
+        </search>
+        <option name="charting.chart">pie</option>
+        <option name="charting.drilldown">none</option>
+        <option name="height">175</option>
+      </chart>
+    </panel>
+    <panel>
+      <chart>
+        <title>Secrets Found/Fixed Ratio</title>
+        <search base="baseSearch">
+          <query>| search repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ (action=created OR action=resolved)
+| timechart count(_raw)  by action 
+| accum created
+| accum resolved 
+| rename created as "Found" 
+| rename resolved as "Fixed"</query>
+        </search>
+        <option name="charting.axisTitleX.visibility">collapsed</option>
+        <option name="charting.chart">line</option>
+        <option name="charting.drilldown">none</option>
+        <option name="refresh.display">progressbar</option>
+        <option name="height">175</option>
+      </chart>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Fixed Secrets</title>
+        <search base="baseSearch">
+          <query> | search action=resolved repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, resolution, resolved_by, _time 
+          | rename secret_type as "Secret Type"
+          | rename organization as "Organization"
+          | rename repository as "Repository"
+          | rename resolution as "Resolution"
+          | rename resolved_by as "Resolved By"
+          </query>
+        </search>
+        <option name="drilldown">none</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Found Secrets</title>
+        <search base="baseSearch">
+          <query> | search action=created repository=$repoTkn$ organization=$orgTkn$ secret_type=$secret_type$ | table secret_type, organization, repository, action, _time
+          | rename secret_type as "Secret Type"
+          | rename organization as "Organization"
+          | rename repository as "Repository"
+          | rename action as "Action"
+          </query>
+        </search>
+        <option name="drilldown">none</option>
+      </table>
+    </panel>
+  </row>
+</form>
diff --git a/github_app_for_splunk/default/data/ui/views/welcome_page.xml b/github_app_for_splunk/default/data/ui/views/welcome_page.xml
@@ -63,7 +63,8 @@
             Open Source repositories and customers of GitHub Advanced Security have access to application security tooling such as Code Scanning, Secret Scanning, and Dependency Review.
             <ol>
               <li>The <a href="security_alert_overview"> Advanced Security Overview</a> dashboard gives insight into the security posture of your GitHub Organization</li>
-              <li>The <a href="code_scanning_overview"> Code Scanning</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
+              <li>The <a href="code_scanning_overview"> Code Scanning Alerts</a> dashboard gives you access to alerts created by Code Scanning within your Organization</li>
+              <li>The <a href="secret_scanning_overview"> Secret Scanning Alerts</a> dashboard provides visibility into secrets like API keys and personal access tokens that have been checked into your repositories</li>
             </ol>
           </p>
         </div>  
