Support for GitHub

Hello Team,

We often have a situation wherein some of the developers inadvertently push code to their public repos containing some sensitive information. Generally this is followed by frantic attempts to clean this up. This involves deleting the repository and finding the number of views, fetches, forks, clones, etc. made for this repository. While GitHub has published its policy on sensitive data removal and information on traffic (which I believe is for some 14 days), I would like to know if GitHub Support can provide this information if the incident gets detected too late, viz. maybe a month after the actual upload.

Hi @dip123s,

For information about what Support can do in your specific situation, you will want to reach out to GitHub Support directly.

That being said, you say that this is a fairly common scenario for your developers? If so, we might be able to make some recommendations to reduce this problem as well. After all, the best way to stop a data breach is with prevention.

Thanks! 


Thanks. Would appreciate recommendations from you. Please suggest.

Hi @dip123s,

Well, since your problem seems to be related to pushing of sensitive data to public repositories, I would recommend setting up a review system using protected branches where only certain people have access to push to those repositories.

If the sensitive data is of a specific type, it is also possible to set up status checks which would make sure that each commit meets certain criteria. GitHub already does a limited amount of token scanning to help with this.

Hope this helps!

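As an added illustration of the status-check idea in the reply above (not part of the original thread, and not GitHub's own token scanning): a check that scans only the lines a change adds and fails the build when one matches a credential pattern. The three rules, the script name `scan_diff.py` and the sample diff are assumptions made for this example.

```python
import re
import sys

# Illustrative rules for well-known credential formats (assumed for this example);
# a real check would add patterns for the organisation's own sensitive data.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff; the key is AWS's documentation placeholder value.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,4 @@
 import os
-DEBUG = True
+DEBUG = False
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 REGION = "eu-west-1"
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""

def scan_diff(diff_text):
    """Return (path, new_line_no, rule) for each added line that matches a rule."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git"):
            in_hunk = False  # file headers follow; "+++ " here is not content
        elif not in_hunk and line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif (m := HUNK.match(line)):
            line_no, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            findings += [(path, line_no, r) for r, rx in PATTERNS.items() if rx.search(line[1:])]
            line_no += 1
        elif in_hunk and not line.startswith(("-", "\\")):
            line_no += 1  # context line advances the new-file line counter
    return findings

if __name__ == "__main__":  # CI use (assumed): git diff <base>...HEAD | python scan_diff.py
    hits = scan_diff(SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read())
    for path, line_no, rule in hits:
        print(f"{path}:{line_no}: possible secret ({rule})")
    sys.exit(1 if hits else 0)
```

Removed lines are ignored on purpose: the check gates what a change introduces, so secrets already in history need a separate full-history scan.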