Hi Developers!
I have created an issue at our sig-security repository for tracking the TruffleHog update on all the repositories from our organization.
Main Issue:
https://github.com/eclipse-tractusx/sig-security/issues/86
The GitGuardian secret scanning tool licence is going to expire; therefore, in order to maintain the security of the Tractus-X repositories, [TRG-8.03](https://eclipse-tractusx.github.io/docs/release/trg-8/trg-8-03) will be enforced for all Tractus-X repos.
Before, with GitGuardian, the functionality was included by default in all the PRs at all the repositories.
So now, in order to keep the secret scanning functionality, it is required to add a workflow so that, before PRs are merged, they are scanned for any API secrets, passwords, etc., preventing you from publishing important secrets into the open source repo `main` branch.
Remember: We are all humans and these secret scanning tools can save us from making huge mistakes 😉
You probably also saw that I created an issue in all these repositories to track the updates:
eclipse-tractusx/eclipse-tractusx.github.io
eclipse-tractusx/.eclipsefdn
eclipse-tractusx/api-hub
eclipse-tractusx/charts
eclipse-tractusx/sig-release
eclipse-tractusx/portal-shared-components
eclipse-tractusx/tutorial-resources
eclipse-tractusx/tractusx-edc-template
eclipse-tractusx/bpn-did-resolution-service
eclipse-tractusx/sldt-semantic-models
eclipse-tractusx/knowledge-agents-aas-bridge
eclipse-tractusx/managed-simple-data-exchanger-frontend
eclipse-tractusx/traceability-foss
eclipse-tractusx/managed-identity-wallet
eclipse-tractusx/item-relationship-service
eclipse-tractusx/sd-factory
eclipse-tractusx/data-exchange-test-service
eclipse-tractusx/knowledge-agents
eclipse-tractusx/knowledge-agents-edc
eclipse-tractusx/tractus-x-umbrella
eclipse-tractusx/vas-country-risk
eclipse-tractusx/sldt-ontology-model
eclipse-tractusx/sig-security
eclipse-tractusx/tractus-x-release
eclipse-tractusx/managed-simple-data-exchanger-backend
eclipse-tractusx/sig-infra
eclipse-tractusx/managed-simple-data-exchanger
eclipse-tractusx/.github
eclipse-tractusx/SSI-agent-lib
eclipse-tractusx/eclipse-tractusx.github.io.largefiles
eclipse-tractusx/testdata-provider
eclipse-tractusx/tractusx-profiles
eclipse-tractusx/app-dashboard
For finding which repositories do not have the file, I have used two cool scripts I have developed and added to the sig-infra repository.
Sig-Infra PR:
https://github.com/eclipse-tractusx/sig-infra/pull/545 (Your Feedback and Review are welcome!)
Now we can search for multiple files in all the repositories from our organization (which are not archived) and also, by a list of repositories, create an issue for the repos 😊
Remember: all the committers are responsible for the security of the organization, let's make an effort together to keep Eclipse Tractus-X a safe and secure dataspace 😉
Feel free to ask us committers and project leads in the next office hour if you have any problems performing the update!
Kind Regards,
Mathias Brunkow Moser – Tractus-X Project Lead

Mathias Brunkow Moser | Lead Consultant Software Engineering | Software Architecture | Cybersecurity
CGI Deutschland B.V. & Co. KG | Catena-X
70467 Stuttgart | Leitzstraße, 45 | Germany
mathias.brunkowmoser@xxxxxxx | www.cgi.com/de