Review Jit Secret Detection
Close PRs where Jit detects a secret and post a comment explaining steps to remedy the situation.
Configuration Description
Conditions (all must be true):
- Jit detects a secret in the PR.
Automation Actions:
- Close the PR
- Post a comment explaining why this action was taken and outlining the necessary steps to remedy the situation.
Review Jit Security Control
# -*- mode: yaml -*-
manifest:
  version: 1.0

automations:
  review_jit_secret:
    if:
      - true
      # True when at least one Jit finding comes from the Secret Detection control.
      - {{ jit.vulnerabilities | match(attr='security_control', term='Secret Detection') | some }}
    run:
      # Tell the author how to remediate, then close the PR.
      - action: add-comment@v1
        args:
          comment: |
            Jit detects secrets in this PR. Please complete the following steps:
            1. Undo the commit with git reset and remove all secrets from the files you modified.
            2. Deactivate the secret in any locations it's used and replace it with a new key.
            3. Commit your changes and resubmit your PR.
      - action: close@v1

# Jit findings extracted from the PR, used by the condition above.
jit: {{ pr | extractJitFindings }}
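
The remediation steps from the comment above, run against a throwaway repository. This is an added example, not part of the gitStream or Jit documentation. It checks that the secret is gone from the branch history after the reset, and shows why step 2 still matters. The repository, `config.env`, the key value and the replacement line are all constructed.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway repo, file name and key value are all made up.
set -eu
FAKE_KEY='EXAMPLE_KEY_not_a_real_secret_123'

# True if any commit reachable from HEAD added or removed the string.
secret_in_history() {
  [ -n "$(git -C "$1" log --format=%H -S"$2" HEAD)" ]
}

# Build a repo whose last commit leaks FAKE_KEY; print the repo path.
make_leaky_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.email dev@example.invalid
  git -C "$repo" config user.name "Demo Dev"
  echo 'API_URL=https://api.example.invalid' > "$repo/config.env"
  git -C "$repo" add config.env
  git -C "$repo" commit -q -m "add config"
  echo "API_KEY=$FAKE_KEY" >> "$repo/config.env"
  git -C "$repo" commit -q -am "add api key"
  echo "$repo"
}

# Steps 1 and 3: undo the commit, strip the secret, commit the clean version.
remediate() {
  git -C "$1" reset -q HEAD~1                      # edits stay in the working tree
  grep -v "$2" "$1/config.env" > "$1/config.env.tmp"
  echo 'API_KEY_FILE=/run/secrets/api_key' >> "$1/config.env.tmp"
  mv "$1/config.env.tmp" "$1/config.env"
  git -C "$1" commit -q -am "read api key from a secret file"
}

repo=$(make_leaky_repo)
leaked=$(git -C "$repo" rev-parse HEAD)
secret_in_history "$repo" "$FAKE_KEY" && echo "before: secret is in branch history"
remediate "$repo" "$FAKE_KEY"
secret_in_history "$repo" "$FAKE_KEY" || echo "after: branch history is clean"
# The old commit object still exists locally (reflog) and on any remote it was
# pushed to, which is why step 2 (deactivate and replace the key) is required.
git -C "$repo" cat-file -e "$leaked" && echo "leaked commit $leaked is still retrievable"
```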