Which of the following is the best way to prevent developers from adding secrets to the repository?
Create a CODEOWNERS file
Make the repository public
Configure a security manager
Enable push protection
The best proactive control is push protection. It scans for secrets during a git push and blocks the commit before it enters the repository.
Other options (like CODEOWNERS or security managers) help with oversight but do not prevent secret leaks.
Making a repo public would increase the risk, not reduce it.
Submit