Update secret detection content (microsoft#939)

* Deprecation of secret-detection.md

* Fix link

* Fix link

* Minor changes

* Add pre-commit instructions

* Remove secret-detection.md

---------

Co-authored-by: Shiran Rubin <[email protected]>

Author: tomconte

docs/continuous-integration/dev-sec-ops/secret-management/credential_scanning.md

@@ -23,8 +23,8 @@ To implement credential scanning for a project, consider the  following:
 
 Recipes and Scenarios-
 
-1. [Detect-secrets](./recipes/detect-secrets.md) - detect-secrets is an aptly named module for detecting secrets within a code base.
-1. [detect-secrets inside Azure DevOps Pipeline](./recipes/detect-secrets-ado.md)
+1. [detect-secrets](./recipes/detect-secrets.md) is an aptly named module for detecting secrets within a code base.
+1. Use [detect-secrets inside Azure DevOps Pipeline](./recipes/detect-secrets-ado.md)
 1. [Microsoft Security Code Analysis extension](https://learn.microsoft.com/en-us/azure/security/develop/security-code-analysis-overview)
 
 Additional Tools -

docs/continuous-integration/dev-sec-ops/secret-management/recipes/detect-secrets-ado.md

@@ -1,4 +1,4 @@
-# Detecting Secrets in your Azure DevOps Pipeline with YELP detect-secrets
+# Running detect-secrets in Azure DevOps Pipelines
 
 ## Overview
 

docs/continuous-integration/dev-sec-ops/secret-management/recipes/detect-secrets.md

@@ -28,7 +28,24 @@ python3 -m pip install detect-secrets
 detect-secrets scan > .secrets.baseline
 ```
 
-## Usage
+## Pre-commit hook
+
+It is recommended to use `detect-secrets` in your development environment as a Git pre-commit hook. 
+
+First, follow the [`pre-commit` installation instructions](https://pre-commit.com/#install) to install the tool in your development environment.
+
+Then, add the following to your `.pre-commit-config.yaml`:
+
+```yaml
+repos:
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.4.0
+    hooks:
+    -   id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']
+```
+
+## Usage in CI pipelines
 
 ```sh
 # backup the list of known secrets

docs/security/README.md

@@ -13,7 +13,7 @@ When requesting a security review for your application, please make sure you hav
 - [Secure Coding Practices Quick Reference](https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf)
 - [Web Application Security Quick Reference](https://owasp.org/www-pdf-archive//OWASP_Web_Application_Security_Quick_Reference_Guide_0.3.pdf)
 - [Security Mindset/Creating a Security Program Quick Start](https://github.com/OWASP/Quick-Start-Guide/blob/master/OWASP%20Quick%20Start%20Guide.pdf?raw=true)
-- [Automated Secret Detection](./secret-detection.md)
+- [Credential Scanning / Secret Detection](../continuous-integration/dev-sec-ops/secret-management/credential_scanning.md)
 - [Threat Modelling](./threat-modelling.md)
 
 ## Azure DevOps Security

docs/security/secret-detection.md

@@ -10,4 +10,4 @@ E.g. the following pattern will exclude all files with the extension `.private.c
 
 For more details on proper management of credentials and secrets in source control, and handling an accidental commit of secrets to source control, please refer to the [Secrets Management](../continuous-delivery/secrets-management/README.md) document which has further information, split by language as well.
 
-As an extra security measure, apply [credential scanning](../continuous-integration/dev-sec-ops/secret-management/recipes/detect-secrets.md) in your CI/CD pipeline.
+As an extra security measure, apply [credential scanning](../continuous-integration/dev-sec-ops/secret-management/credential_scanning.md) in your CI/CD pipeline.