We have enabled the GitHub push protection feature on all public repositories to scan commits for secrets. This document helps Sourcegraph engineers unblock themselves when push protection blocks a git push operation.

For Sourcegraph Engineers

How to unblock push protection (self-serve)?

Here is a quick demo on how to unblock push protection. Additionally, here is the step-by-step guide:

While using the Git CLI:

  1. Check the GitHub push error logs for links to unblock push protection.
  2. The link redirects to the GitHub UI; verify the leaked secret and revoke it if applicable.
  3. Mark the secret appropriately as "Used in Test", "False Positive" or "Fix Later".
  4. Finally, click "Finish" or "Allow me to expose secret" to resolve.
  5. Once all secrets are resolved, push protection should be unblocked automatically.
  6. Retry the git push operation from the CLI to push your changes to GitHub.

<aside> 💡 Please note that you'll have to do this for each leaked secret before retrying the push.

</aside>

While using the GitHub UI:

  1. The GitHub popup should appear automatically, showing the leaked secret alert.
  2. Mark the secret appropriately as "Used in Test", "False Positive" or "Fix Later".
  3. Finally, click "Finish" or "Allow me to expose secret" to resolve.
  4. Once all secrets are resolved, push protection should be unblocked automatically.
  5. Retry pushing your changes to GitHub.

<aside> 💡 Please note that you'll have to do this for each leaked secret before retrying the push.

</aside>

For Security Engineers