GitHub for DLP network

Hi!

Is there a way to have ICAP detect sensitive data uploaded to GitHub using a browser? Or is it not supported due to some end-to-end encryption?

Thanks

Welcome to the GitHub Support Community, @argentraedward! We’re glad to have you here. There’s not a feature on GitHub.com that would allow you to configure ICAP to detect sensitive data uploaded to our site.

As a next step, we recommend submitting this as a feature request through our official product feedback form so that our product team can track your request. That’s the best place to share requests like these in consideration for future iterations of GitHub features. We also recommend following our GitHub public roadmap if you’re interested in seeing what our team has prioritized as far as new features and updates are concerned. I hope this helps!

Hi Francisfuzz,

Thanks for the reply. I have my own DLP software, but I am not sure why it was not blocked when uploading to a GitHub repo. It might be due to not being able to encrypt, or it might just be due to end-to-end encryption?

Thanks!

Hmm, great question! I don’t have an answer right here and now, but I’d be interested to learn more––do you have steps for reliably reproducing this? I’d like to give it a try and investigate it further. :male_detective:

Hi Francis,

Sure. You can have a DLP check on a keyword “Confidential” file. Go to a GitHub repo, select that file, and upload it -> commit changes. It will then be uploaded to the repo.

This setup is done using ICA.

Thanks

Thanks for sharing that context! Admittedly, this is a bit out of scope with what I’m familiar with and I think I’d yield to the wider community here for help on reproducing this.

In the past, something that’s helped me in investigating these sorts of connection issues is using the GitHub Debug site as a first pass and sending that over to the GitHub Support team.

However, my hunch is that the DLP and ICA you’re using might have some special network configuration settings in place. Because that’s third-party software, not something maintained or owned by GitHub, the GitHub Support team would not be able to help debug that, but they’ll do their best to ask questions and offer suggestions around the issue based on the results you share with them. I hope that helps as a next step!

Hi Francis,

Thanks for your help.

My typo there. It should be ICAP instead of ICA.

Basically, what ICAP does is send the data packet from the user to the proxy. From the proxy, it will decrypt the packet and send it to the DLP using ICAP for checking. Once it has been checked, it is either allowed or blocked from uploading to the repo.

I’m just guessing it might be end-to-end encryption or a tunnel which is not supported for decryption? Hopefully they have some info on this.

Thanks!
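
The proxy-to-DLP handoff described in the last post, as an added Python illustration (not code from any poster, from GitHub, or from a DLP product): it builds the ICAP REQMOD message (RFC 3507) a proxy would send and shows that the DLP side can only match the keyword when the proxy actually has a decrypted request body to encapsulate. The hosts `git.example` and `dlp.example`, the sample requests, and the verdict strings are constructed assumptions, and treating an uninspected tunnel as a headers-only `CONNECT` request is an assumption about how the proxy is configured.

```python
KEYWORD = b"Confidential"  # the DLP keyword used in the thread

# Constructed sample traffic; git.example and dlp.example are placeholders.
UPLOAD = b"POST /upload HTTP/1.1\r\nHost: git.example\r\nContent-Length: 29\r\n\r\n"
BODY = b"Project plan - Confidential\r\n"
TUNNEL = b"CONNECT git.example:443 HTTP/1.1\r\nHost: git.example:443\r\n\r\n"

def build_reqmod(http_headers, body=None):
    """Proxy side: wrap an HTTP request in an ICAP REQMOD message (RFC 3507)."""
    if body:
        section = f"req-hdr=0, req-body={len(http_headers)}"
        payload = http_headers + b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    else:  # nothing decrypted, or no body: headers only
        section = f"req-hdr=0, null-body={len(http_headers)}"
        payload = http_headers
    head = ("REQMOD icap://dlp.example/reqmod ICAP/1.0\r\n"
            "Host: dlp.example\r\n"
            f"Encapsulated: {section}\r\n\r\n")
    return head.encode() + payload

def dechunk(data):
    """Decode the chunked transfer encoding ICAP uses for encapsulated bodies."""
    out = b""
    while True:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            return out
        out, data = out + data[:size], data[size + 2:]

def dlp_verdict(icap_msg):
    """DLP side: locate the body via the Encapsulated header and scan it."""
    icap_head, _, payload = icap_msg.partition(b"\r\n\r\n")
    offsets = {}
    for line in icap_head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"encapsulated":
            for part in value.decode().split(","):
                key, _, off = part.strip().partition("=")
                offsets[key] = int(off)
    if "req-body" not in offsets:
        return "allow-unscanned"  # hypothetical verdict: no content was visible
    body = dechunk(payload[offsets["req-body"]:])
    return "block" if KEYWORD in body else "allow"

if __name__ == "__main__":
    print(dlp_verdict(build_reqmod(UPLOAD, BODY)))    # decrypted upload
    print(dlp_verdict(build_reqmod(TUNNEL)))          # opaque CONNECT tunnel
```

When a DLP rule does not fire, the proxy's ICAP log shows which of these two message shapes was sent for the upload request.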