Summary
Sync organization-level secret scanning custom patterns and push protection policy from declarative YAML config.
Scope
Custom patterns are structured definitions, so this should use a file input plus per-org overrides:
- `secret-scanning-patterns-file`
- optional inline/per-org `secret-scanning-patterns` in `orgs.yml`
- optional `delete-unmanaged-secret-scanning-patterns`
Push protection / secret scanning enablement policy may be fixed scalar settings and could be direct inputs if the API exposes them that way.
Candidate capabilities
- Create/update/delete custom secret scanning patterns
- Enable/disable patterns as supported
- Manage push protection policy where supported
- Compare existing patterns and only apply changes when needed
Security notes
- Do not include real secrets in config, tests, docs, logs, or examples.
- Examples should use fake pattern names and safe regexes only.
- Never log sensitive pattern test strings if the API supports test cases.
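A sketch of the "compare existing patterns and only apply changes when needed" step together with the logging rule above, as an added example that is not this project's code. The field names (`name`, `regex`, `enabled`, `testStrings`) and the functions `planSync` and `describePlan` are hypothetical, and no API is called:

```javascript
// Added example: field names and helpers are hypothetical, not the GitHub API's or this project's.
const MANAGED_FIELDS = ["regex", "enabled"];

// Return the managed fields that differ between the desired and existing definition.
function changedFields(desired, existing) {
  return MANAGED_FIELDS.filter((f) => desired[f] !== undefined && desired[f] !== existing[f]);
}

// Build a create/update/delete plan. deleteUnmanaged mirrors the proposed
// delete-unmanaged-secret-scanning-patterns input and defaults to off.
function planSync(desired, existing, { deleteUnmanaged = false } = {}) {
  const byName = new Map(existing.map((p) => [p.name, p]));
  const wanted = new Set(desired.map((p) => p.name));
  if (wanted.size !== desired.length) throw new Error("duplicate pattern name in config");
  const plan = { create: [], update: [], delete: [], unchanged: [] };
  for (const p of desired) {
    const current = byName.get(p.name);
    if (!current) plan.create.push(p);
    else {
      const fields = changedFields(p, current);
      if (fields.length) plan.update.push({ pattern: p, fields });
      else plan.unchanged.push(p.name);
    }
  }
  if (deleteUnmanaged) plan.delete = existing.filter((p) => !wanted.has(p.name)).map((p) => p.name);
  return plan;
}

// Log-safe summary: pattern names and changed field names only, never test strings.
function describePlan(plan) {
  return [
    ...plan.create.map((p) => `create ${p.name}`),
    ...plan.update.map((u) => `update ${u.pattern.name} (${u.fields.join(", ")})`),
    ...plan.delete.map((n) => `delete ${n}`),
  ];
}

// Constructed sample data with fake pattern names and harmless regexes.
const desired = [
  { name: "example-token", regex: "EXAMPLE_[A-Z]{8}", enabled: true, testStrings: ["EXAMPLE_ABCDEFGH"] },
  { name: "demo-key", regex: "DEMO-[0-9]{6}", enabled: true },
];
const existing = [
  { name: "example-token", regex: "EXAMPLE_[A-Z]{6}", enabled: true },
  { name: "legacy-pattern", regex: "OLD_[a-z]+", enabled: true },
];
console.log(describePlan(planSync(desired, existing, { deleteUnmanaged: true })).join("\n"));
```

Running the plan a second time against the desired state yields only `unchanged` entries, which is the property a sync job needs before it is safe to schedule.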