Code scanning is a static analysis feature that examines your source code to identify security vulnerabilities and coding errors. It runs either on every push, pull request, or a scheduled time depending on the workflow configuration.
It does not automatically contact maintainers, scan full Git history, or block pushes unless explicitly configured to do so.
[: GitHub Docs – About Code Scanning, ==========]
Questions # 22:
Which of the following statements most accurately describes push protection for secret scanning custom patterns?
Options:
A.
Push protection must be enabled for all, or none, of a repository's custom patterns.
B.
Push protection is an opt-in experience for each custom pattern.
C.
Push protection is not available for custom patterns.
D.
Push protection is enabled by default for new custom patterns.
Push protection for secret scanning custom patterns is an opt-in feature. This means that for each custom pattern defined in a repository, maintainers can choose to enable or disable push protection individually. This provides flexibility, allowing teams to enforce push protection on sensitive patterns while leaving it disabled for others.
[References: GitHub Docs – Working with push protection from the command line, , ]
