Currently, if a secret has been discovered during the pre-push or pre-commit hook, the CLI prints a bypass message suggesting the use of the --no-verify flag.
The problem is that people see it and, without thinking too much, just run it and create an incident and potential secret leakage.
We would like to disable this message or at least to change it. In our opinion the message just engages people to bypass the hook and upload secrets to git by mistake.
Hello @alexku7 !
We have identified this problem and are currently working on a feature allowing users to broadcast their own custom message at various steps (pre-commit, pre-push, etc.).
Here is the PR, but keep in mind that this feature is not CLI only, so it will be available when we also update the API.
Thank you @mathieubellon
If I understand correctly, the PR allows customizing the remediation message, but our problem is also in BYPASS_MESSAGE :(
The BYPASS_MESSAGE engages people to push or commit with --no-verify and it leads to too many mistakes :(
The custom message will override everything, including the bypass message.
Users will be free to customize the complete message area (remediation and bypass)