Skip to content

[DevOps] Implement secret scanning and pre-commit hooks repo-wide #1096

Description

@Xoulomon

Suggested Tier: Trivial (100 pts)

Description:
Prevent secrets from ever being committed with automated scanning in CI and locally.

Tasks:

  • Add a secret-scanning CI job (e.g. gitleaks) on every PR
  • Add a pre-commit hook (reuse husky) running the same scan locally
  • Add an allowlist for known false positives
  • Document remediation steps if a secret is detected

Acceptance Criteria:

  • A test secret in a PR is caught and blocks the merge
  • The local hook catches the same secret before commit

Metadata

Metadata

Assignees

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions