Each of the four NB Defense plugins (secrets, PII, licences, CVE) can be switched on or off. That is, if only the PII plugin is disabled and the remaining three plugins are enabled, the NB Defense scan will scan for the three enabled plugins but will not scan for PII.
In addition to enable/disable the available plugins for NB Defense scan, there is a global adjustable setting of
redact_secret for presenting sensitive information in scan reports. Moreover, NB Defense also allows for individual settings for each of the four plugins. The global and individual plugin settings are described below:
redact_secret setting determines how sensitive information is presented in NB Defense scan reports. The possible values of
PARTIAL will show only leading and trailing characters.
ALL will shadow the full secret.
HASH will replace the full secret with its hashed value (as shown in the table below as well).
|Redacted Secret Option||Redacted Secret|
Secrets Plugin Settings
secrets_plugins has the same modules as in the detect-secrets package. Each of the secret modules can be enable or disabled.
More details on which of the secret modules are enabled by default, and what they detect can be found on the secrets scan details page.
PII Plugin Settings
confidence_threshold indicates the level of uncertainty allowed when flagging text as PII i.e., a confidence threshold set at
0.8 would only allow that text marked as PII when NB Defense's PII scan is at least
80% confident that the text is PII. For any other text where the confidence of the NB Defense's PII scan is less than
80% the text will not be marked as PII. The default value of
confidence_threshold is set at
0.8 with a minimum allowed value of
0.0 and a maximum allowed value of
Also, NB Defense PII scan allows for separate setting of
confidence_threshold for each of the PII entities. In this way, by adjusting the values of
confidence_threshold for each PII entity separately, the users of NB Defense can set the uncertainty in PII scan results for each of the PII entities independently.
The PII entities to be scanned for can be toggled on and off in the scan settings. A list of PII entities with their brief description can be found on the PII scan details page.
License Plugin Settings
The licenses added to
accepted_licenses setting will not be flagged in the NB Defense scan report. So, for example, if the following licenses are added to the
accepted_licences, and they appear in the text, NB Defense License plugin will not flag it.
CVE Plugin Settings
There are no settings specific to the CVE plugin.