Disable or customize the bypass message

[alexku7]

Currently if a secret has been discovered during the pre-push or pre-commit hook, the cli prints a bypass message suggestion to use --no-verify flag.

The problem that people see it and without thinking too much just run it and create an incident and potential secret leakage.

We would like to disable this message ot at lease to change it. In our opinion the message just engages people to bypass the hook and upload secrets to git by mistake.

[mathieubellon]

Hello @alexku7 !
We have identified this problem and are currently working on a feature allowing users to broadcast their own custom message at various steps (pre-commit, pre-push, etc ..)
Here is the PR but keep in mind that this feature is not CLI only so it will available when we will also update the API

[alexku7]

Hello @alexku7 ! We have identified this problem and are currently working on a feature allowing users to broadcast their own custom message at various steps (pre-commit, pre-push, etc ..) Here is the PR but keep in mind that this feature is not CLI only so it will available when we will also update the API

Thank you @mathieubellon
If I understand correctly the PR allows to customize the remediation message but our problem is also in BYPASS_MESSAGE :(

The BYPASS_MESSAGE engages people to push or commit with --no-verify and it leads to too many mistakes :(

[mathieubellon]

The custom message will override everything, including the bypass message.
Users will be free to customize the complete message area (remediation and bypass)