Secret scanning: dry-runs for enterprise-level custom patterns

Open github-product-roadmap opened this issue 3 years ago • 1 comments

Summary

As a testing tool, a dry-run scan at the enterprise level will allow users to hone their custom regex patterns by determining the estimated number and quality of alerts generated for a specified pattern. This feature follows our release of repository and organization level dry-runs.

Intended Outcome

A poorly authored regular expression can spawn thousands of results across an enterprise. Dry-run scans will allow users to prevent a bloat of results by testing their patterns before submission.

How will it work?

Users can easily test their patterns before publishing at the repository, organization, and now enterprise levels. The dry-run scan will provide users with an estimate of the number of alerts that their pattern would create if published, as well as a sample set of detected secrets in the relevant repositories.

Apr 13 '22 20:04 github-product-roadmap

🚢 Shipped to the cloud: https://github.blog/changelog/2022-05-12-secret-scanning-dry-runs-for-enterprise-level-custom-patterns/

May 19 '22 00:05 ankneis

This has shipped to GHES 3.6 🚢 https://docs.github.com/en/[email protected]/admin/release-notes

Closing out this issue.

Sep 08 '22 19:09 spaltrowitz