Monitor/enable GitHub's secret detection feature

[mogul]

GitHub now offers secret scanning alerts, but they have to be explicitly enabled.

This is exactly the kind of thing that one might want to detect/enforce via policy across a large set of repositories, so it seems like a great thing for Allstar to be able to manage!

[jeffmendoza]

Yes, if it has an API and is not easily done at the org level, we should have an Allstar policy to turn it on. Thanks for the suggestion!

[mogul]

There's an API for configuring it per-repository. Nothing at the org level AFAICS.

[markdboyd]

I started looking into this and it seems like maybe it is possible to configure this at the org level?

https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories