Lambda Setup

Step 1: Create Lambda Function
Go to the detection directory and create the Lambda function:
Navigate to the detection folder and create a zip of the Lambda function (PowerShell):

```powershell
cd detection
Compress-Archive -Path lambda_function.py -DestinationPath function.zip -Force
```
Create the Lambda function using AWS CLI:
```bash
aws lambda create-function \
  --function-name secretops-detector \
  --runtime python3.10 \
  --handler lambda_function.lambda_handler \
  --role arn:aws:iam::000000000000:role/dummy \
  --zip-file fileb://function.zip \
  --timeout 10 \
  --memory-size 256 \
  --endpoint-url http://localhost:4566
```
Verify the function is created:
```bash
aws lambda list-functions --endpoint-url http://localhost:4566
```

Flask API Setup

Step 1: Install Flask
To start the Flask API, you need to have Flask and Boto3 installed. You can install the necessary dependencies using pip:
```bash
pip install flask boto3
```
Step 2: Run Flask Application
Navigate to the ingress directory and run the Flask app:
```bash
cd ingress
python app.py
```
The Flask app will run on http://localhost:8000 and handle incoming webhooks that trigger the Lambda function for detection.
Example Webhook Request
You can send POST requests to the /webhook endpoint to trigger secret detection:
```bash
curl -X POST http://localhost:8000/webhook \
  -H "Content-Type: application/json" \
  -d '{"commit_message": "leaked key AKIA1234567890ABCDEF"}'
```
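The page refers to the project's own lambda_function.py but does not show it. As an added illustration (not the project's code), the following detector handler accepts the webhook payload from the curl example above, either as a direct-invoke dict or as an API-Gateway-style event whose body is a JSON string, matches AWS access key IDs of the AKIA... shape, redacts them so the alert itself does not re-leak the credential, and publishes the alert to the secretops-alerts topic through the LocalStack endpoint. The environment variable names SNS_TOPIC_ARN and AWS_ENDPOINT_URL, the redaction scheme and the injectable publish callback are assumptions of this example, not something the project defines.

```python
"""Added example of a detector Lambda; not the project's lambda_function.py.

Assumptions: the ingress app passes the webhook JSON (or an API-Gateway-style
event whose "body" is that JSON as a string) as the Lambda event, and the topic
ARN / LocalStack endpoint come from the hypothetical SNS_TOPIC_ARN and
AWS_ENDPOINT_URL environment variables.
"""
import json
import os
import re

# AWS access key IDs are "AKIA" followed by 16 upper-case letters or digits.
AWS_ACCESS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")

# Hypothetical configuration; defaults match the LocalStack values used on this page.
SNS_TOPIC_ARN = os.environ.get(
    "SNS_TOPIC_ARN", "arn:aws:sns:us-east-1:000000000000:secretops-alerts"
)
ENDPOINT_URL = os.environ.get("AWS_ENDPOINT_URL", "http://localhost:4566")


def redact(key_id: str) -> str:
    """Keep the 4-char prefix and the last 4 chars so the alert is actionable
    without copying the full credential into an email."""
    return key_id[:4] + "*" * (len(key_id) - 8) + key_id[-4:]


def find_secrets(text: str) -> list:
    """One finding per matched access key ID; the key itself is never returned."""
    return [
        {"type": "aws_access_key_id", "redacted": redact(m.group(1)), "offset": m.start()}
        for m in AWS_ACCESS_KEY_RE.finditer(text)
    ]


def extract_commit_message(event) -> str:
    """Tolerate a direct-invoke dict or an API-Gateway-style event with a string body;
    anything malformed yields an empty string rather than an exception."""
    if not isinstance(event, dict):
        return ""
    body = event.get("body", event)
    if isinstance(body, str):
        try:
            body = json.loads(body)
        except json.JSONDecodeError:
            return ""
    if not isinstance(body, dict):
        return ""
    message = body.get("commit_message", "")
    return message if isinstance(message, str) else ""


def build_alert(findings: list, source: str = "webhook") -> dict:
    """Alert payload sent to SNS; contains only redacted values."""
    return {"source": source, "count": len(findings), "findings": findings}


def publish_alert(alert: dict) -> None:
    """Publish the alert to SNS. boto3 is imported here so the detection
    functions above can be exercised without it installed."""
    import boto3

    sns = boto3.client("sns", endpoint_url=ENDPOINT_URL, region_name="us-east-1")
    sns.publish(
        TopicArn=SNS_TOPIC_ARN,
        Subject="secretops: possible leaked credential",
        Message=json.dumps(alert, indent=2),
    )


def lambda_handler(event, context=None, publish=publish_alert):
    """Lambda entry point; `publish` is injectable so a test can capture alerts."""
    findings = find_secrets(extract_commit_message(event))
    if findings:
        publish(build_alert(findings))
    return {
        "statusCode": 200,
        "body": json.dumps({"secrets_found": len(findings), "findings": findings}),
    }


if __name__ == "__main__":
    # Constructed sample matching the curl example on this page; alert is printed, not sent.
    sample = {"commit_message": "leaked key AKIA1234567890ABCDEF"}
    print(lambda_handler(sample, publish=lambda alert: print("ALERT", alert)))
```

When deployed, the handler name stays `lambda_function.lambda_handler` as in the create-function command above; the only difference from a production setup is that the LocalStack endpoint and dummy role replace real credentials. Keeping the match-and-redact logic in plain functions separate from the boto3 call is what makes the detection rule unit-testable without a running SNS.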
SNS Configuration

Step 1: Create SNS Topic
In LocalStack, create an SNS topic to receive alert notifications:
```bash
aws sns create-topic \
  --name secretops-alerts \
  --endpoint-url http://localhost:4566
```
Step 2: Subscribe Email
You can subscribe an email address to the SNS topic:
```bash
aws sns subscribe \
  --topic-arn arn:aws:sns:us-east-1:000000000000:secretops-alerts \
  --protocol email \
  --notification-endpoint "[email protected]" \
  --endpoint-url http://localhost:4566
```
MailHog Setup

Step 1: Run MailHog
Run MailHog to simulate email delivery:
```bash
docker run -d --name mailhog \
  -p 1025:1025 \
  -p 8025:8025 \
  mailhog/mailhog
```

You can view the emails at http://localhost:8025.
Testing

Step 1: Test the Full Flow
Once everything is set up, you can test the full flow by sending a webhook request:
Start the Flask app:
```bash
python app.py
```
Send a POST request to trigger the Lambda detection:
```bash
curl -X POST http://localhost:8000/webhook \
  -H "Content-Type: application/json" \
  -d '{"commit_message": "leaked key AKIA1234567890ABCDEF"}'
```
Check MailHog for the alert.
License
This project is licensed under the MIT License - see the LICENSE file for details.