newrelic/rusty-hog

Scan GitHub and GitHub Enterprise comments

Opened this issue · 1 comment

Summary

Scan GitHub and GitHub Enterprise PR comments for secrets

Additional context

Users or bots (Terraform Atlantis) may inadvertently commit secrets in the comments of a Pull Request.

I would second this request. I plan to test out Rusty Hog soon for scanning a GitHub Enterprise server's repos. Most definitely secrets could be shared in comments, just as easily as they could be committed within code.