Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Sanitize the Azure DevOps Personal Access Token from the scm_info section of the '.lock.json' file

When executing 'chef update <policyname>.rb' the command generates a '<policyname>.lock.json' and inside it the remote URL (cookbook_locks => <cookbook name> => scm_info => remote ) contains an Azure DevOps PAT which allows any reader to use that PAT for malicious purposes.

We need a way to sanitize the PAT from the URL inside the lock.json file for the Azure DevOps Repos.

  • Guest
  • Jan 12 2023
  • New
  • Attach files