Check commits for bypass flag
Overview
To handle false positives, for example in cases where a developer need to commit a dummy secret that is used in tests, and to allow users to skip secrets detection entirely in case of timeouts for instance, we are introducing a special commit message flag similar to [ci skip]
.
Implementation Plan
-
Determine the exact variation to be used: [skip secret detection]
,[secret detection skip]
, or both. -
Update the new push check to: -
Skip scanning if the variation exists in any of the commit messages associated with the push. -
Display instructions on how to skip secret detection if needed using the flag.
-
Edited by Ahmed Hemdan