
Logger Migration to Pino #132

@UlisesGascon

Description


Currently, we use a custom logger with limited capabilities.

The idea is to migrate to Pino with two key features:

  1. Prevent Leaks of Sensitive Data
    Sensitive data like GITHUB_TOKEN might inadvertently leak when passing environment variables to containers, especially if the containers fail to execute commands. For example (Relevant Code):

    Error running workflow: Command failed: docker run -e GITHUB_AUTH_TOKEN=ghp_************************ --rm ghcr.io/ossf/scorecard/v5:ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4 --repo=https://github.com/jshttp/content-type --show-details --format=json
    Error: check runtime error: CII-Best-Practices: internal error: error during json parsing: error during json.Unmarshal: invalid character '<' looking for beginning of value
    	    2024/12/12 19:23:27 error during command execution: check runtime error: CII-Best-Practices: internal error: error during json parsing: error during json.Unmarshal: invalid character '<' looking for beginning of value
    

    Using Pino, we can ensure sensitive data is redacted from logs to prevent such leaks (ref1, ref2).

  2. Suppress Logs During Test Execution
    To maintain clean logs and simplify debugging, we aim to avoid logging when tests are running (Relevant Code).
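As an added example (not code from the issue or the project), here is one way both points could be wired into a pino options object: the token in the error above sits inside a free-text message, which pino's path-based `redact` cannot see, so a `hooks.logMethod` pass masks secrets in strings too, and `enabled` turns the logger off under `NODE_ENV=test`. Assumes pino v8+ (the `redact`, `hooks.logMethod` and `enabled` options) and that `GITHUB_AUTH_TOKEN` / `ghp_`-style tokens are the secrets of interest.

```javascript
// Added example (assumption: pino v8+ option names). Not the project's code.
// (1) masks GitHub-style tokens inside free-text messages such as
//     "Command failed: docker run -e GITHUB_AUTH_TOKEN=..." from the issue,
// (2) redacts sensitive keys when objects are logged, and
// (3) disables logging entirely while tests run.

// GitHub token prefix plus body; the prefix is kept so the log still says
// which kind of secret was masked.
const TOKEN_RE = /\b(gh[pousr]_)[A-Za-z0-9]{20,}\b/g;
// "KEY=value" for sensitive env-var names passed on a command line.
const ENV_KV_RE = /\b(GITHUB_(?:AUTH_)?TOKEN|NPM_TOKEN)=([^\s"']+)/g;

function maskSecrets(text) {
  return String(text)
    .replace(ENV_KV_RE, (_, key) => `${key}=[REDACTED]`)
    .replace(TOKEN_RE, (_, prefix) => `${prefix}[REDACTED]`);
}

// Masks every string argument and the message of any Error argument
// (mutates the Error in place so the masked text is what gets serialised).
function maskArgs(args) {
  return args.map((a) => {
    if (typeof a === 'string') return maskSecrets(a);
    if (a instanceof Error) { a.message = maskSecrets(a.message); return a; }
    return a;
  });
}

function buildLoggerOptions(env = process.env) {
  return {
    // Suppress all output while tests run.
    enabled: env.NODE_ENV !== 'test',
    // Path-based redaction for logged objects, e.g. logger.info({ env }).
    redact: {
      paths: ['env.GITHUB_TOKEN', 'env.GITHUB_AUTH_TOKEN', '*.token'],
      censor: '[REDACTED]',
    },
    // Free-text masking: pino's `redact` does not look inside messages.
    hooks: {
      logMethod(inputArgs, method) {
        return method.apply(this, maskArgs(inputArgs));
      },
    },
  };
}

// Usage (needs pino installed): const logger = require('pino')(buildLoggerOptions());
```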
