Details

Category: Static Code Analysis

Publisher: trickest

Created Date: 6/23/2021

Container: quay.io/trickest/dumpsterdiver:a54c190

Source URL: https://github.com/securing/dumpsterdiver

Parameters

remove
boolean
Command: -r - When this flag is set, files that don't contain any secret (or anything interesting, if the -a flag is set) are removed.
secret
boolean
Command: -s - When this flag is set, all files are additionally analyzed for hardcoded passwords.
grep-words
string
Command: --grep-words - Specifies the grep words to look for. Multiple words should be separated by spaces. Wildcards are supported. Requires the -a flag.
search-level
string
Command: --level - Search level for key length. Options:
--level 0 - short keys (20-40B), e.g. AWS Access Key ID.
--level 1 (default) - typical keys (40-70B), e.g. AWS Secret Access Key or Azure Shared Key.
--level 2 - long keys (1000-1800B), e.g. SSH private key.
--level 3 - any key (20-1800B). Be careful with this setting, because it may generate lots of false positives.
path-to-files
folder
required
Command: -p - Path to the folder containing the files to be analyzed.
max-key-length
string
Command: --max-key - Specifies the maximum key length to be analyzed (default is 80).
min-key-length
string
Command: --min-key - Specifies the minimum key length to be analyzed (default is 20).
bad-expressions
string
Command: --bad-expressions - Specifies bad expressions. If DumpsterDiver finds such an expression in a file, that file won't be analyzed. Multiple bad expressions should be separated by spaces.
files-to-exclude
string
Command: --exclude-files - Specifies file names or extensions that shouldn't be analyzed. A file extension should include the . character (e.g. .pdf). Multiple file names and extensions should be separated by spaces.
advanced-analysis
boolean
Command: -a - When this flag is set, all files are additionally analyzed using the rules specified in the rules.yaml file.
max-password-length
string
Command: --max-pass - Specifies the maximum password length to be analyzed (default is 12). Requires the -s flag.
min-password-length
string
Command: --min-pass - Specifies the minimum password length to be analyzed (default is 8). Requires the -s flag.
password-complexity
string
Command: --pass-complex - Specifies the password complexity threshold, from 1 (trivial passwords) to 9 (very complex passwords) (default is 8). Requires the -s flag.
enge-of-high-entropy
string
Command: --entropy - Specifies the high-entropy threshold (default is 4.3).