Security

Secret Scanning

Guide to using the Secret Scanning feature for models, datasets, and code in `Outpost Hub`.

Overview

Outpost Hub incorporates the Gitleaks tool to prevent secrets such as passwords, API keys, and tokens from being pushed to your Git repositories. Once secret scanning is enabled for a repository, any commit containing a recognized secret pattern is blocked, enhancing the security of your codebase.

Important: Secret Scanning in Outpost only scans new or modified code in commits pushed after Secret Scanning is enabled. Pre-existing code that remains unchanged will not be scanned for secrets.

Enabling Secret Scanning

  1. Open the repository where you want to enable secret scanning and go to Settings.
  2. Click on the Security tab.
  3. Toggle on Secret Scanning.
  4. Click Save.
  5. Repeat these steps for any additional repositories where you want to enable Secret Scanning.

Bypassing or Ignoring Detected Secrets

Note: Bypassing or ignoring detected secrets should be done cautiously. Only proceed if you are sure the detected secret does not pose a security risk, such as in cases of test data with fake secrets.

To bypass Gitleaks and intentionally commit a detected secret, you have two options:

  • Include `gitleaks:allow` as a comment in your code.
  • Create a `.gitleaksignore` file.

For further details, refer to the Gitleaks README.
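
Because both bypass options silence the scanner, it helps to review where they are used. The following is an added example, not part of Outpost Hub or Gitleaks: it lists every `gitleaks:allow` marker and `.gitleaksignore` entry that sits outside a test directory. The fingerprint layout (`[commit:]file:rule-id:line`, with `#` comment lines), the test directory names, and all sample data are assumptions made for this illustration.

```python
import re

ALLOW_MARKER = "gitleaks:allow"   # inline marker, on the same line as the finding
COMMIT_PREFIX = re.compile(r"^[0-9a-f]{40}:")
TEST_DIRS = {"test", "tests", "testdata", "fixtures"}  # assumed review policy

def in_test_path(path):
    """True when any parent directory of the file is a test directory."""
    return any(part in TEST_DIRS for part in path.split("/")[:-1])

def inline_allows(files):
    """(path, line_no) for each line carrying the gitleaks:allow marker."""
    return [(path, n)
            for path, text in files.items()
            for n, line in enumerate(text.splitlines(), 1)
            if ALLOW_MARKER in line]

def ignore_entries(text):
    """Parse .gitleaksignore fingerprints, assumed [commit:]file:rule-id:line."""
    out = []
    for raw in text.splitlines():
        line = COMMIT_PREFIX.sub("", raw.strip())
        parts = line.rsplit(":", 2)
        if line.startswith("#") or len(parts) != 3 or not parts[2].isdigit():
            continue  # blank line, comment, or malformed entry
        out.append((parts[0], int(parts[2]), parts[1]))
    return out

def bypasses_needing_review(files, ignore_text):
    """All bypasses (inline or ignore-file) located outside test directories."""
    found = [(p, n, "inline") for p, n in inline_allows(files)]
    found += [(p, n, "ignore:" + r) for p, n, r in ignore_entries(ignore_text)]
    return [b for b in found if not in_test_path(b[0])]

# Constructed sample repository contents (fake values only).
SAMPLE_FILES = {
    "tests/fixtures/creds.py": 'TOKEN = "not-a-real-token"  # gitleaks:allow\n',
    "app/settings.py": 'DEBUG = False\nAPI_KEY = "placeholder"  # gitleaks:allow\n',
}
SAMPLE_IGNORE = """\
# constructed fingerprints
0123456789abcdef0123456789abcdef01234567:tests/testdata/keys.env:generic-api-key:3
deploy/config.yaml:generic-api-key:12
"""

if __name__ == "__main__":
    for path, line, kind in bypasses_needing_review(SAMPLE_FILES, SAMPLE_IGNORE):
        print(f"{path}:{line} ({kind})")
```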