Versions Compared

Old Version 2

changes.mady.by.user venkata sai santosh kumar seeram

Saved on

compared with

New Version 3

changes.mady.by.user venkata sai santosh kumar seeram

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Before Enabling Secret Protection:

Image Added


After Enabling Secret Protection:

Image Added

Excluding folders and files from secret scanning

...

Copilot Secret Scanning:
Below is an example of a commit detected by secret scan. GH would alert the user through email.https://github.com/KaizenDevopsTraining/devops/commit/9032b48f5ce98c8b9a7458ec2149ea68f934b08c

Image Added

Secret scanning alerts:

Example:
Image Added

Default alerts list

...


Push Protection: Block commits that contain supported secrets.

Image Added

Image Added

Image Added


Token versions

Service providers update the patterns used to generate tokens periodically and may support more than one version of a token. Push protection only supports the most recent token versions that secret scanning can identify with confidence. This avoids push protection blocking commits unnecessarily when a result may be a false positive, which is more likely to happen with legacy tokens.

In above screenshots, user is provided with a github link to browse as shown below
Image Added

Select a suitable option above to bypass push protection.

When you allow a secret to be pushed, an alert is created in the Security tab. GitHub closes the alert and doesn't send a notification if you specify that the secret is a false positive or used only in tests. If you specify that the secret is real and that you will fix it later, GitHub keeps the security alert open and sends notifications to the author of the commit, as well as to repository administrators. For more information, see Managing alerts from secret scanning.

Image Added

About secret scanning - GitHub Docs

...

https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets


Image Added

Image Added

Steps to Handle Secrets Listed in the Security Tab by Developers:

...

  • Go to Repo → Security → Secret scanning.
  • Click on each alert to see:
    • The file and line where the secret was found.
    • The type of secret (e.g., GitHub token, AWS key).
    • Whether it’s still active or revoked.

https://github.com/rdkcentral/sample-gitflow/security/secret-scanning/21Image Added

While closing the alert, select appropriate action, add relevant comment and close the alert as shown below

Image Added

More helpful articles listed below

...