GH Action for checking if repo contains a potential secret #6

@matt035343

It would be nice to have automatic warnings if the repo contains potential secrets.

E.g.:

  • PyPI tokens in requirements.txt
  • Anywhere that has password='some text string' or {'password': 'some text string'}
  • etc.

A user should be able to overrule the warning, but should actively do so. One solution could be that the action comments on the line on which there is a potential secret. This comment needs to be resolved to merge the pull request.

FYI @george-zubrienko @s-vitaliy
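
A sketch of the check requested above, added here as an example and not part of the original issue or the project's code: it scans file contents for the two cases named in the issue and formats each hit as a GitHub Actions `::warning` annotation on the offending line. The token length threshold, the `# secret-ok` override marker and the sample files are assumptions of this example.

```python
import re

# Rules for the two cases named in the issue. The minimum token length is an
# assumption chosen to avoid matching short strings that merely start with "pypi-".
PATTERNS = {
    "pypi-token": re.compile(r"pypi-[A-Za-z0-9_-]{16,}"),
    "password-assignment": re.compile(
        r"""['"]?password['"]?\s*[=:]\s*(['"])[^'"]+\1""", re.IGNORECASE
    ),
}
OVERRIDE_MARKER = "# secret-ok"  # hypothetical per-line opt-out, not a real convention


def scan_text(path, text):
    """Return (path, line_number, rule) for every line that looks like a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if OVERRIDE_MARKER in line:
            continue  # the author actively overruled the warning on this line
        for rule, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, rule))
    return findings


def scan_all(files):
    """Scan a {path: content} mapping and return all findings in file order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


def to_annotation(finding):
    """Format a finding as a GitHub Actions workflow command (inline warning)."""
    path, lineno, rule = finding
    return f"::warning file={path},line={lineno}::Potential secret ({rule})"


# Constructed sample input; the token and passwords are fake.
SAMPLE_FILES = {
    "requirements.txt": "requests==2.31.0\n"
    "--extra-index-url https://__token__:pypi-EXAMPLEEXAMPLEEXAMPLE0000@pypi.example/simple\n",
    "settings.py": "db = connect(user='app', password='hunter2-example')\n"
    "cfg = {'password': 'another-example'}\n"
    "test_cfg = {'password': 'dummy'}  # secret-ok\n"
    "password = os.environ['DB_PASSWORD']\n",
}

if __name__ == "__main__":
    for finding in scan_all(SAMPLE_FILES):
        print(to_annotation(finding))
```

Annotations of this kind are advisory only; making the finding block a merge, as the issue asks, would need a failing exit code or a review comment on top of this.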
