mktcode closed 1 year ago
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Now requires setting an env var for the PAT:
The .env files are then generated for you (where there's a .env.sample).
I think generally we can ask for required env vars first and then populate the files automatically, right?
~Not true for OAuth app secrets (to my own surprise): https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-user-alerts~
I confused GitHub's internal scanning with this GitGuardian bot. It indeed removes the secret, but maybe it can still be obfuscated with base64 or something. Alternatively, devs need to be instructed to create their own OAuth app.
I also added functionality to boot from forks: