New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
false positive / confusion following email #5
Comments
Hey @consideRatio , thanks for the interest in the project, I've checked and it is indeed not straightforward to sign up without integrating GitHub real-time monitoring. This is something we'll be definitely improving in the future. On the part of the user authentication on the GitHub App, we only read your email (as it says on |
Hi @Jguer , I also received an email about 30 minutes ago. It warned me about a AWS key but I did not pushed any AWS key (though I'm using one on this repo). I triple checked to be sure and the 4 commits I made today do not contain my AWS key. |
Hi @PierreTurnbull , thanks for your message. |
I actually rendered my repository public today, so this makes sense. Thanks for the explanation. |
For future reference, i still considere the report i got a false positive. I low on capacity to help debugging it, but the repo it reacted on is public still without action taken since i got the report. It renamed to neurohackademy/nh2020-jupyterhub though. |
I'm not sure where to write about this situation, but decided I'll try here.
I got an email referencing this repo describing that a secret had been exposed in a repo I manage. The referenced exposed secret was actually encrypted by mozilla/sops as intended, so I assume a false positive triggered the email.
Curious about this project I read up a bit and considered debugging this, I read that an API key was required, but decided against trying to get one since it led to a request to "Act on your behalf". I'm generally concerned about why that was requested.
I hope this experience is relevant for you to be aware about.
The text was updated successfully, but these errors were encountered: