auth0 / repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets. :mag:
MIT License

Push Webhook #20

Closed cachedcloud closed 6 years ago

cachedcloud commented 6 years ago

I like the project that you have started. This is almost exactly what I was looking for in order to scan GitHub repos for exposed secrets before they lead into an incident. Although, it's not complete in its coverage. My understanding is that this will only monitor for pull requests into a currently existing repo. This is great if development is slow or is finished and you are only accepting pull requests into the repo. Although, if the repo is actively being developed by multiple people they are most likely going to push to the repo instead of making a pull request. This tool falls short because it isn't set up to listen for push webhooks and then scan those new commits.

Are there any plans to expand this project to include push webhooks?

radekk commented 6 years ago

Hi @cachedcloud 👋

Thank you for this feedback. It's true that right now repo supervisor scans only pull requests and not direct pushes to the repository itself. It's something we might consider.

I will keep that issue open with the enhancement label on it.

Thanks!

radekk commented 6 years ago

As a best practice, all changes to the repository should go through pull requests. The potential flow for changes pushed directly, e.g. to the master branch, might be a Slack notification. Repo supervisor needs to send a URL with results somewhere; currently that's achieved via CI statuses.

I'm closing this issue and I will keep an eye on similar questions.