Scan commits for secrets and prevent push

[luwol03]

Feature Description

I think it would be a cool integration to prevent pushing commits which contain secrets. Github now announced, that they now prevent such pushes. Of course this feature should be possible to opt-out.

I randomly found the following go tool on my discover page that can scan repositories and files even directly via a remote url from git. Maybe it’s somehow possible to use that for scanning the files.

Screenshots

No response

[silverwind]

Might be nice to have, but I'd say this should definitely be an opt-in feature and I think there must be a way to still push in case of false-positive detections. Maybe it can allow secrets via force pushes, for example.

Just one example would be that I often like to push self-signed private keys to repos for testing purposes. In the general sense, such files are classified as secrets, but in my case, it's still fine to push them as they are only significant locally.

[mscherer]

Instead of --force (who could have side effect), I think using -o/--push-option would be better.

And if a secret is force pushed, should there be some way to ignore further push with the same secret ? (eg, clear per secret once and for all)

[techknowlogick]

closing as dupe of #5656

[luwol03]

Oh ok. Never found that issue. Thank you.