by ceslami 4177 days ago
Fantastic concept and execution.

I would note that by the time this sensitive code hits GitHub, it's already too late. Criminals who mine PII/secrets use the GitHub event firehose to analyze code pushes in near-realtime.

It would be great to integrate this code as a pre-commit hook, so that code doesn't even get into the tree if it's sensitive.

1 comments

Excellent point. I wonder if it would be feasible to put this kind of check in a pre-commit pipeline to prevent it actually getting committed in the first place.
Or even better, GitHub could have an opt-in (or even opt-out) server-side variant for pushes!
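
The pre-commit check proposed in both comments above, as an added example that is not part of the thread or of the tool under discussion. The function name `scan_added_lines` and the three patterns are assumptions chosen for illustration; the sample inputs used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# The patterns below are illustrative assumptions, not the rule set of any
# particular scanner. Matching is case-insensitive, so expect false positives.

# Reads a unified diff on stdin, prints suspicious added lines to stderr,
# and returns 1 if any were found (0 otherwise).
scan_added_lines() {
    # Only lines being added matter; drop the "+++ b/path" file headers.
    added=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' || true)
    if [ -z "$added" ]; then
        return 0
    fi
    hits=$(printf '%s\n' "$added" | grep -Ei \
        -e 'AKIA[0-9A-Z]{16}' \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e "(password|passwd|secret|api_?key|token)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']" \
        || true)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf 'Possible secrets in staged changes:\n%s\n' "$hits" >&2
    return 1
}

# Run only when installed as the hook, so the file can also be sourced in tests.
if [ "${0##*/}" = "pre-commit" ]; then
    # --cached limits the scan to what is about to be committed;
    # -U0 drops context lines so only the changed lines are inspected.
    git diff --cached --no-color -U0 | scan_added_lines || {
        echo "Commit blocked. Remove the secret, or bypass with: git commit --no-verify" >&2
        exit 1
    }
fi
```

A client-side hook like this is advisory, since each contributor has to install it and can skip it with `--no-verify`; the server-side variant mentioned in the reply is what would enforce the check for every push.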