github.com/google/osv-scalibr@v0.4.1/.github/ISSUE_TEMPLATE/prp-secrets.md (about)

---
name: Patch reward program - secret scanning
about: Submit a secret extractor suggestion for the PRP
title: 'PRP: Secret extractor for {Secret name}'
labels: ['PRP', 'PRP:Request']
assignees: ''

---

- **Secret name**: {e.g. `GCP Service Account Keys`}
- **Risk in exposing the secret**: {e.g. `Attackers can impersonate GCP Service Accounts and get access to Cloud resources`}
- **Validation method, if any**:
  * {APIs queried to verify the secret is associated with a real prod account}
  * {We reward more for secret extractor submissions that also include an
    associated validation Enricher plugin}
- **Resources**:
  * {Any links}
  * {That can be useful to understand more about the secret and how it's used}