TRIGGER: Event-based
On GitHub Webhook Event - On a New Push Event
Steps

Note when creating the webhook:

Configure the webhook's content type to be application/json.

Also, under 'Which events would you like to trigger this webhook?', select 'Just the push event' so that the workflow is triggered only on a new push event.

For further details check out our documentation: https://www.docs.blinkops.com/docs/Integrations/github/triggers/github-webhook-event

Set the following variables first:

  1. If any commits containing credentials are ignored, a report will be sent to the defined SecOps_personnel.
  2. To keep track of the whitelisted credentials, create a table (if you don't already have one) with the following fields: 'name', 'line', and 'encrypted_whitelist_credentials'. Set the name of the table in `whitelist_table_name`.
    On your first run, make sure that the column names used in step 17 ('Get whitelisted credentials from table') match the column names you defined.
  3. To detect all types of credentials to whitelist, create a table (if you don't already have one) with the following fields: 'Credential type' and 'Regex'. Please refer to this regex list. Set the name of the table in `regex_table_name` in step 1 part 3.
Set Variables

Going over all the commits retrieved in the Webhook one by one

For each commit

In each commit, there might be more than one file that was changed or added.

The files to examine are added or modified files in the commit

Prepare a list of files to examine from the commit
For each file
Get the file from the repository
Get all regex types to find credential of
For each regex type
If the file contains credentials

Ask the committer to choose one of the following methods to resolve the problem:

  1. `Whitelist credential` - checks whether the credentials found in the commit are whitelisted. If a credential does not exist in the whitelist credential table, it will be added together with the correct line number and a hashed version of the credential.
  2. Revert commit - reverts the commit and opens a PR for the change.
  3. Ignore - no further action is taken, which leaves the committer to handle the commit on their own. A report will be sent to the relevant SecOps personnel informing them about the commit. Not recommended!
Important Note:

This workflow assumes your organisation uses the same email address for each employee's GitHub, Blink and Slack accounts.

Ask its owner how to handle the commit
If whitelist credentials
Ask the committer for additional approval and reason
If whitelist credential is approved
Create a list of the credentials from the file

The credentials list retrieved contains:

  1. Number of the line of the found credential
  2. The credential itself
For each credential

Note: for security reasons the credentials are not stored in clear text; they are hashed with a hash function.

If you need to be able to retrieve the credentials, use a key with the hash below and preferably store that key in the global variable secret manager.
The hash used is sha256 from Python's hashlib library.

Hash the credential

Note: you must make sure the column names are the same as the ones defined in your table.

To get your column names, run step 17 without the given Query body. The output in the results section will show the names of the columns. Note that the table must contain at least one row.
After retrieving the column names, change the body and any other fields in later steps that contain column names accordingly.
For example, an output received:

{
  "limit": 25,
  "offset": 0,
  "total": 4,
  "results": [
    {
      "created_by": "test@example.com",
      "updated_by": "test@example.com",
      "id": "3eba7c05-8efa-48c7-9ce1-e427e44c0680",
      "name": "FILE NAME",
      "line": 1,
      "encrypted_whitelist_credentials": "CREDENTIAL",
      "created_at": 1676214690483,
      "updated_at": 1676214690483
    }
  ]
}
Get whitelisted credentials from table
If credential is not in whitelist credentials table
Whitelist the credential by inserting it to the table
If credential is in a different line, update table to new line
Update new line for the credential
Else (S25 | if EqualsApprove) is false
Append commit to list of ignored commits
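The whitelist branch above (create the credential list from the file, hash each credential, look it up in the whitelist table, insert it or update its line) as an added example in Python; this is not Blink's own implementation. The regex table rows, the whitelist rows and the sample file are constructed here, and the optional key turns the sha256 into HMAC-SHA256 (an assumption based on the 'use a key' note; an unkeyed sha256 digest cannot be reversed, so either form only lets you recompute a digest for comparison).

```python
import hashlib
import hmac
import re

# Constructed sample regex table (not from the page): one row per credential type
REGEX_TABLE = [
    {"Credential type": "AWS access key ID", "Regex": r"AKIA[0-9A-Z]{16}"},
    {"Credential type": "Generic API key", "Regex": r"api_key\s*=\s*['\"]([A-Za-z0-9]{20,})['\"]"},
]


def hash_credential(credential, key=None):
    """sha256 hex digest as the page describes; with a key (assumed) this is HMAC-SHA256."""
    data = credential.encode()
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key.encode(), data, hashlib.sha256).hexdigest()


def find_credentials(content, regex_table=REGEX_TABLE):
    """Return [(line_number, credential)] for every regex-type match in the file text."""
    found = []
    for line_no, line in enumerate(content.splitlines(), start=1):
        for row in regex_table:
            for m in re.finditer(row["Regex"], line):
                # use the captured value when the pattern has a group, else the whole match
                found.append((line_no, m.group(m.lastindex or 0)))
    return found


def reconcile_whitelist(name, found, table, key=None):
    """Insert unknown credentials, move known ones to their new line; return actions taken."""
    actions = []
    for line_no, credential in found:
        digest = hash_credential(credential, key)
        # lookup by file name + digest (assumed matching rule); the clear text is never stored
        row = next((r for r in table if r["name"] == name
                    and r["encrypted_whitelist_credentials"] == digest), None)
        if row is None:
            table.append({"name": name, "line": line_no, "encrypted_whitelist_credentials": digest})
            actions.append(("insert", line_no))
        elif row["line"] != line_no:
            row["line"] = line_no
            actions.append(("update", line_no))
        else:
            actions.append(("ok", line_no))
    return actions


# Constructed sample: the AWS documentation example key was whitelisted at line 3, now at line 4
WHITELIST = [{"name": "config.py", "line": 3,
              "encrypted_whitelist_credentials": hash_credential("AKIAIOSFODNN7EXAMPLE")}]
SAMPLE_FILE = "# settings\napi_key = 'abcdefghij1234567890abc'\n\nAWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n"
```

Running `reconcile_whitelist("config.py", find_credentials(SAMPLE_FILE), WHITELIST)` inserts the new API key at line 2 and moves the known AWS key to line 4; a second run reports both as already whitelisted.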
If revert commit

Revert the commit and open a pull request:

If opening the pull request fails, the change will still be committed on the new branch, and the committer will have to open a pull request for the branch manually.

New branch name
Create new branch and revert the commit
Create Pull Request for the branch
If PR has opened successfully
Notify committer
If Equals Ignore

Append commit to list of ignored commits

Notify the relevant personnel about unresolved commits

If there are ignored commits
Parse the commits which were not handled
Report the relevant SecOps personnel
End
OUTPUTS
No outputs