
Monitor/enable GitHub's secret detection feature

Open mogul opened this issue 2 years ago • 3 comments

GitHub now offers secret scanning alerts, but they have to be explicitly enabled.

This is exactly the kind of thing that one might want to detect/enforce via policy across a large set of repositories, so it seems like a great thing for Allstar to be able to manage!

mogul, Mar 02 '23 17:03

Yes, if it has an API and is not easily done at the org level, we should have an Allstar policy to turn it on. Thanks for the suggestion!

jeffmendoza, Mar 02 '23 20:03

There's an API for configuring it per-repository. Nothing at the org level AFAICS.

mogul, Mar 03 '23 06:03

I started looking into this and it seems like maybe it is possible to configure this at the org level?

https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-existing-repositories

markdboyd, Mar 10 '23 20:03
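An added example, not part of the thread and not Allstar's code: a sketch of the per-repository check discussed above, reading the `security_and_analysis` block that GitHub's REST API returns for a repository and producing the `PATCH /repos/{owner}/{repo}` body for any repository where secret scanning is off. The repository names, the `Finding` type and the `Audit` function are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of GitHub's "get a repository" REST response used by this check.
type repo struct {
	FullName            string `json:"full_name"`
	SecurityAndAnalysis *struct {
		SecretScanning *struct {
			Status string `json:"status"`
		} `json:"secret_scanning"`
	} `json:"security_and_analysis"`
}

// Finding is a hypothetical result type for this example, not an Allstar type.
type Finding struct{ Repo, State, Patch string }

// EnableBody is the JSON body for PATCH /repos/{owner}/{repo}.
const EnableBody = `{"security_and_analysis":{"secret_scanning":{"status":"enabled"}}}`

// Sample is constructed input: three repository objects trimmed to the fields used.
const Sample = `[
 {"full_name":"example-org/api","security_and_analysis":{"secret_scanning":{"status":"enabled"}}},
 {"full_name":"example-org/web","security_and_analysis":{"secret_scanning":{"status":"disabled"}}},
 {"full_name":"example-org/infra"}]`

// Audit classifies each repository as enabled, disabled or unknown.
func Audit(raw []byte) ([]Finding, error) {
	var repos []repo
	if err := json.Unmarshal(raw, &repos); err != nil {
		return nil, err
	}
	var out []Finding
	for _, r := range repos {
		f := Finding{Repo: r.FullName, State: "disabled", Patch: EnableBody}
		if sa := r.SecurityAndAnalysis; sa == nil || sa.SecretScanning == nil {
			// Block omitted (no admin-level access): unknown, not a false "disabled".
			f.State, f.Patch = "unknown", ""
		} else if sa.SecretScanning.Status == "enabled" {
			f.State, f.Patch = "enabled", ""
		}
		out = append(out, f)
	}
	return out, nil
}

func main() { fmt.Println(Audit([]byte(Sample))) }
```

A repository whose response lacks the block is reported as `unknown` so that a token without sufficient permission does not show up as a policy violation.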