Support
Support for CMF is provided by the RDK Support group.
To contact RDK Support:
Enter a ticket: https://jira.rdkcentral.com/
or
E-mail: support@rdkcentral.com
...
Remediation
Team members with the maintainer role cannot view secrets in the Security tab at the repository level. Only the admin and security manager roles can view and remediate secret alerts. So that team members can remediate the alerts, we publish the secret scan results in an Excel sheet attached at the Confluence link below.
https://etwiki.sys.comcast.net/pages/viewpage.action?pageId=1798265160
...
Feature | Description |
Validity checks | Automatically verify if a secret is valid by sending it to the relevant partner. |
Non-provider patterns | Scan for non-provider patterns. Learn more about non-provider patterns. |
Scan for generic passwords | Copilot Secret Scanning detects passwords using AI. Learn more about generic password detection. |
Push protection | Block commits that contain supported secrets. |
Copilot Secret Scanning:
Below is an example of a commit detected by secret scanning. GitHub would alert the user by email.
...
This table shows the behavior of alerts for each way a user can bypass a push protection block.
Bypass reason | Alert behavior |
It's used in tests | GitHub creates a closed alert, resolved as "used in tests" |
It's a false positive | GitHub creates a closed alert, resolved as "false positive" |
I'll fix it later | GitHub creates an open alert |
If you want greater control over which contributors can bypass push protection and which pushes containing secrets should be allowed, you can enable delegated bypass for push protection. Delegated bypass lets you configure a designated group of reviewers to oversee and manage requests to bypass push protection from contributors pushing to the repository. For more information, see About delegated bypass for push protection.
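As an added example (not RDK's or GitHub's own code), the Python below maps the fields of GitHub's secret scanning alert objects back to the bypass reasons in the table above and orders the open alerts for remediation. The sample alerts are constructed, the bypass reason is inferred from `state` and `resolution`, and the ordering (still-valid secrets first, then bypassed pushes, then oldest) is an assumption of this example.

```python
import json

# Constructed alerts using field names from GitHub's secret scanning alerts
# REST API; every value here is made up and no secret material is included.
SAMPLE_ALERTS = json.loads("""[
 {"number": 11, "state": "open", "resolution": null, "validity": "active",
  "push_protection_bypassed": true, "created_at": "2025-02-01T10:00:00Z"},
 {"number": 12, "state": "resolved", "resolution": "used_in_tests", "validity": "unknown",
  "push_protection_bypassed": true, "created_at": "2025-01-15T08:30:00Z"},
 {"number": 13, "state": "resolved", "resolution": "false_positive", "validity": "inactive",
  "push_protection_bypassed": true, "created_at": "2025-01-18T12:00:00Z"},
 {"number": 14, "state": "open", "resolution": null, "validity": "active",
  "push_protection_bypassed": false, "created_at": "2025-01-05T09:00:00Z"},
 {"number": 15, "state": "open", "resolution": null, "validity": "unknown",
  "push_protection_bypassed": true, "created_at": "2025-01-20T16:45:00Z"}
]""")

# (state, resolution) -> bypass reason, following the table above.
BYPASS_REASON = {
    ("open", None): "I'll fix it later",
    ("resolved", "used_in_tests"): "It's used in tests",
    ("resolved", "false_positive"): "It's a false positive",
}
VALIDITY_RANK = {"active": 0, "unknown": 1, "inactive": 2}

def bypass_reason(alert):
    """Bypass reason implied by an alert, or None if the push was not a bypass."""
    if not alert.get("push_protection_bypassed"):
        return None
    # An alert resolved some other way after the bypass does not fit the table.
    return BYPASS_REASON.get((alert["state"], alert.get("resolution")), "other")

def remediation_queue(alerts):
    """Open alerts only: still-valid secrets first, then bypassed pushes, then oldest."""
    open_alerts = [a for a in alerts if a["state"] == "open"]
    open_alerts.sort(key=lambda a: (VALIDITY_RANK.get(a.get("validity"), 1),
                                    not a.get("push_protection_bypassed"),
                                    a["created_at"]))
    return [{"number": a["number"], "validity": a.get("validity"),
             "bypass_reason": bypass_reason(a)} for a in open_alerts]

if __name__ == "__main__":
    for row in remediation_queue(SAMPLE_ALERTS):
        print(row)
```

The queue rows deliberately omit the secret value, so the output can be shared with maintainers who cannot open the Security tab.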
...