🔥 3-day streak
Microsoft DevOps Engineer Expert120 / 138
Question 120 of 138

Your team hosts several repositories in GitHub Enterprise Cloud with GitHub Advanced Security enabled. Developers occasionally commit hardcoded API keys, and although secret scanning alerts are raised, the secrets have already reached the remote repository by the time they are detected. You need to stop credentials from ever being pushed to the remote in the first place, while allowing a developer to bypass the block only with a documented justification. What should you do?

Reviewed for accuracy · Report an issueNext question