Enterprise Should Automatically Enable Secret Scanning Push Protection Across All Organizations/Repositories

policy name: enable_push_protection_secret_scanning

severity: MEDIUM


The enterprise should prevent sensitive data from being pushed to all repositories, to prevent it from being exposed to anyone with access to the repository.


  1. Make sure you are an enterprise owner
  2. Go to the Enterprise Settings page
  3. Under the ‘Settings’ tab choose ‘Code security and analysis’
  4. Check ‘Automatically enable for repositories added to secret scanning’