How does secrets scanning push protection really work #116539
Unanswered
BAStos525
asked this question in
Code Security
Replies: 3 comments 7 replies
This comment was marked as off-topic.
This comment was marked as off-topic.
-
On which side push protection feature scans a changes in commit before they will be pushed? On GitHub endpoints side? So, roughly speaking, does GitHub still send every time the code changes in the commit to scan to a some remote endpoint, before actually pushing the commit to the repository? |
Beta Was this translation helpful? Give feedback.
1 reply
-
I guess when we are talking about client-side check, git hooks are there. Since most likely that GitHub secrets scanning push protection feature based on git hooks, these checks are server-side, right? |
Beta Was this translation helpful? Give feedback.
6 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Select Topic Area
Question: system flow under secrets scanning push protection mechanism
Body
Hello! We have some common information about how secrets scanning process is organized and what flows are under its hood. But there is not an informative page how secrets scanning push protection works. Is its flow the same as for secrets scanning that are already were committed to a repository and is it sends like pre-commit to GitHub remote regex searching endpoint before a "real" push in advance? It could be great to get some more information how does secrets scanning push protection is reliable. Thank you.
Beta Was this translation helpful? Give feedback.
All reactions