Expand Secret Detection post-processing and revocation to all tiers
Background
For technical reasons related to our current approach to Secret Detection post-processing, PATs are only automatically revoked if leaked in projects with Ultimate. (I'm not sure if this limitation also applies to AWS or other partners.)
This limitation is due to technical reasons—it is not an intentional/pricing-philosophy-based choice.
Proposal
We should enable post-processing & revocation in all Secret Detection scanning jobs, not just those that are in projects with Ultimate.
Technical approach
We have analyzed options but not identified a compelling path forward yet. Some analysis is recorded in #391763 (comment 1335959472).
Edited by Connor Gilbert