Expand Secret Detection post-processing and revocation to all tiers

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Background

For technical reasons related to our current approach to Secret Detection post-processing, PATs are only automatically revoked if leaked in projects with Ultimate. (I'm not sure if this limitation also applies to AWS or other partners.)

This limitation is due to technical reasons—it is not an intentional/pricing-philosophy-based choice.

Proposal

We should enable post-processing & revocation in all Secret Detection scanning jobs, not just those that are in projects with Ultimate.

Technical approach

We have analyzed options but not identified a compelling path forward yet. Some analysis is recorded in #391763 (comment 1335959472).