
Secret Push Protection Rule

The following rule type is available for secret push protection.

stacklok/secret_push_protection - Verifies that secret push protection is enabled for a given repository

Secret push protection is a feature that scans the commits in each new push to a repository for secrets and rejects any push that contains one, before it is integrated into the target branch.

To enable this feature in GitHub, you must enable it in the repository settings.

Note that this will not work as expected for private repositories unless you have GitHub Advanced Security enabled. If you still want to use this rule because you have a mixture of private and public repositories, enable the skip_private_repos flag.

For more information, see https://docs.github.com/en/code-security/secret-scanning/push-protection-for-repositories-and-organizations#enabling-secret-scanning-as-a-push-protection-for-a-repository

Entity

  • repository

Type

  • stacklok/secret_push_protection

Rule parameters

  • None

Rule definition options

The stacklok/secret_push_protection rule supports the following options:

  • enabled (boolean) - Whether secret push protection should be enabled for a given repository.
  • skip_private_repos (boolean) - If true, this rule will be marked as skipped for private repositories.
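The following added example (not Minder's own code) models how the two options above combine when the rule is evaluated against a repository: the private-repository skip is checked first, then the reported push-protection status is compared with `enabled`. It assumes the repository object has the shape GitHub's REST API returns, where the status lives under `security_and_analysis.secret_scanning_push_protection.status` and is omitted when the caller lacks admin permission or the repository is private without Advanced Security.

```python
"""Model of stacklok/secret_push_protection rule evaluation (added example)."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class RuleOptions:
    # Mirrors the two documented rule definition options.
    enabled: bool = True
    skip_private_repos: bool = False


def push_protection_status(repo: dict) -> Optional[str]:
    """Return 'enabled'/'disabled' as reported by GitHub, or None if the
    field is absent (assumed GitHub REST repository object layout)."""
    return (
        repo.get("security_and_analysis", {})
        .get("secret_scanning_push_protection", {})
        .get("status")
    )


def evaluate(repo: dict, opts: RuleOptions) -> Tuple[str, str]:
    """Return (result, reason); result is 'pass', 'fail' or 'skipped'."""
    if repo.get("private") and opts.skip_private_repos:
        return "skipped", "private repository and skip_private_repos is set"
    status = push_protection_status(repo)
    if status is None:
        # Typical for private repos without Advanced Security, or a token
        # without admin rights: do not treat an unknown state as a pass.
        return "fail", "secret push protection status not reported by GitHub"
    if (status == "enabled") == opts.enabled:
        return "pass", f"secret push protection is {status} as required"
    return "fail", f"secret push protection is {status}, expected enabled={opts.enabled}"


# Constructed sample repository objects, trimmed to the relevant fields.
SAMPLE_REPOS = {
    "public-protected": {"private": False, "security_and_analysis": {
        "secret_scanning_push_protection": {"status": "enabled"}}},
    "public-unprotected": {"private": False, "security_and_analysis": {
        "secret_scanning_push_protection": {"status": "disabled"}}},
    "private-no-ghas": {"private": True},  # no security_and_analysis block
}

if __name__ == "__main__":
    for name, repo in SAMPLE_REPOS.items():
        for opts in (RuleOptions(), RuleOptions(skip_private_repos=True)):
            result, reason = evaluate(repo, opts)
            print(f"{name:20} {opts}: {result} ({reason})")
```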