Identifying location of secrets detected by Push Protection #30780
Unanswered
mikeclayton
asked this question in
Code Security
Replies: 1 comment 1 reply
-
Hi @mikeclayton, Apologies that you ran into this experience! The error message should have details on where the secret was found so that you can take proper remediation action to remove from history. Can you answer some questions please?
|
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Q. Is there a way to determine which commit / file / line is being detected as containing secrets when Push Protection is enabled, and / or work out which rule or pattern it's violating without simply bypassing secret detection and then seeing what gets reported later?
Background
I'm currently getting an error when trying to push some commits to a feature branch on a repository that has Secret Scanning / Push Protection enabled.
However, the error message doesn't give me any clues about exactly what is being detected as a secret:
I've searched through the local commits to see if I can work out what's being flagged, but I've drawn a blank. We've got some custom patterns defined, so it's entirely possible those are misbehaving, but without knowing what is being detected I can't really see what I need to do to fix it.
What's frustrating is that Push Protection obviously thinks it's found a secret, so it would be good if the location could be included in the error message...
Note: I've also tried visiting the magic url given to bypass Push protection for the secret, but that doesn't give any further details either - it just asks if you want to allow "this secret" without saying what (or where) "this secret" is:
Any pointers would be appreciated...
Beta Was this translation helpful? Give feedback.
All reactions