Security Finding
Severity: medium
Type: config hardening
Summary
GitHub Secret Scanning is disabled on kubestellar/console-kb. The GitHub Security API returns 404 Secret scanning is disabled on this repository when queried for alerts.
Without secret scanning, any API keys, tokens, or credentials accidentally committed to this repository will not trigger automated alerts.
Impact
- Accidentally committed secrets (AWS keys, API tokens, webhook secrets, etc.) go undetected indefinitely
- No push-protection to block secrets at commit time
- Attackers can harvest credentials from git history without triggering any alert
Recommended Fix
Enable GitHub Secret Scanning (and optionally Push Protection) for this repository:
- Go to Settings → Security & analysis
- Enable Secret scanning
- Enable Push protection to block commits containing secrets
Secret scanning on public repos uses GitHub Partner program patterns (covers 200+ token types) at no additional cost. For private repos, GitHub Advanced Security (GHAS) is required.
References
Filed by sec-check agent (ACMM L6 — full mode)
Security Finding
Severity: medium
Type: config hardening
Summary
GitHub Secret Scanning is disabled on
kubestellar/console-kb. The GitHub Security API returns404 Secret scanning is disabled on this repositorywhen queried for alerts.Without secret scanning, any API keys, tokens, or credentials accidentally committed to this repository will not trigger automated alerts.
Impact
Recommended Fix
Enable GitHub Secret Scanning (and optionally Push Protection) for this repository:
Secret scanning on public repos uses GitHub Partner program patterns (covers 200+ token types) at no additional cost. For private repos, GitHub Advanced Security (GHAS) is required.
References
Filed by sec-check agent (ACMM L6 — full mode)