mirror of
https://github.com/github/awesome-copilot.git
synced 2026-03-16 14:15:11 +00:00
* New hook: secrets-scanner

Add a secrets-scanner hook that scans files modified during a Copilot coding agent session for leaked secrets, credentials, and sensitive data.

The hook runs on sessionEnd and inspects files in one of three scopes:
- diff: only files changed in the current session (default)
- staged: only files currently staged in the git index
- all: every tracked file in the repository

Detected pattern categories:
- AWS access keys and secret keys
- GCP service account credentials
- Azure client secrets and storage connection strings
- GitHub personal access tokens
- Slack tokens (bot, user, webhook)
- Private key headers (RSA, EC, DSA, OpenSSH, PEM)
- Generic high-entropy bearer tokens
- Internal IP:port strings

Configurable via environment variables (SCAN_MODE, SCAN_SCOPE, SECRETS_ALLOWLIST) so teams can tune for their workflow without editing the script.

Patterns are POSIX ERE (grep -E) compatible, with no PCRE metacharacters, for portability across macOS and Linux.

Files: hooks.json, scan-secrets.sh, README.md

* refactor: move PATTERNS array to top of scan-secrets.sh for discoverability

Move the PATTERNS declaration to the top of the file so it is clearly visible and easy to customize, as suggested in code review. Added a descriptive header comment. No functional changes.

---------

Co-authored-by: Shehab Sherif <shehabsherif0@users.noreply.github.com>
🪝 Hooks
Hooks enable automated workflows triggered by specific events during GitHub Copilot coding agent sessions, such as session start, session end, user prompts, and tool usage.
How to Contribute
See CONTRIBUTING.md for guidelines on how to contribute new hooks, improve existing ones, and share your use cases.
How to Use Hooks
What's Included:
- Each hook is a folder containing a `README.md` file and a `hooks.json` configuration
- Hooks may include helper scripts, utilities, or other bundled assets
- Hooks follow the GitHub Copilot hooks specification
To Install:
- Copy the hook folder to your repository's `.github/hooks/` directory
- Ensure any bundled scripts are executable (`chmod +x script.sh`)
- Commit the hook to your repository's default branch
To Activate/Use:
- Hooks automatically execute during Copilot coding agent sessions
- Configure hook events in the `hooks.json` file
- Available events: `sessionStart`, `sessionEnd`, `userPromptSubmitted`, `preToolUse`, `postToolUse`, `errorOccurred`
When to Use:
- Automate session logging and audit trails
- Auto-commit changes at session end
- Track usage analytics
- Integrate with external tools and services
- Custom session workflows
| Name | Description | Events | Bundled Assets |
|---|---|---|---|
| Governance Audit | Scans Copilot agent prompts for threat signals and logs governance events | sessionStart, sessionEnd, userPromptSubmitted | `audit-prompt.sh`, `audit-session-end.sh`, `audit-session-start.sh`, `hooks.json` |
| Secrets Scanner | Scans files modified during a Copilot coding agent session for leaked secrets, credentials, and sensitive data | sessionEnd | `hooks.json`, `scan-secrets.sh` |
| Session Auto-Commit | Automatically commits and pushes changes when a Copilot coding agent session ends | sessionEnd | `auto-commit.sh`, `hooks.json` |
| Session Logger | Logs all Copilot coding agent session activity for audit and analysis | sessionStart, sessionEnd, userPromptSubmitted | `hooks.json`, `log-prompt.sh`, `log-session-end.sh`, `log-session-start.sh` |
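
The Secrets Scanner hook is described on this page as a `grep -E` pattern scan over a selectable file scope. The script below is an added example of that approach, not the repository's `scan-secrets.sh`: the pattern names and regexes, the function names, the `--run` argument and the git commands behind each `SCAN_SCOPE` value are assumptions, and it expects to run from the repository root.

```shell
#!/bin/sh
# Added example; NOT the repository's scan-secrets.sh.
# One "name regex" pair per line. Names and regexes are illustrative
# assumptions, kept to POSIX ERE so grep -E behaves the same on macOS and Linux.
PATTERNS='aws-access-key-id AKIA[0-9A-Z]{16}
github-pat ghp_[A-Za-z0-9]{36}
private-key-header -----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----
internal-ip-port (^|[^0-9.])(10\.[0-9]{1,3}|192\.168)\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]{2,5}'

# Print "file:line:pattern-name" for each hit. The matched text is never
# echoed, so the scanner's own output does not leak the secret into logs.
scan_file() {
  [ -f "$1" ] || return 0   # path deleted during the session: nothing to read
  printf '%s\n' "$PATTERNS" | while read -r name re; do
    grep -InE -e "$re" -- "$1" 2>/dev/null | cut -d: -f1 |
      while read -r n; do printf '%s:%s:%s\n' "$1" "$n" "$name"; done
  done
}

# Candidate files for SCAN_SCOPE (diff | staged | all). Mapping "diff" to
# "changed since HEAD plus untracked" is an assumption of this example.
list_files() {
  case "${SCAN_SCOPE:-diff}" in
    staged) git diff --cached --name-only --diff-filter=ACMR ;;
    all)    git ls-files ;;
    diff)   git diff --name-only --diff-filter=ACMR HEAD &&
            git ls-files --others --exclude-standard ;;
    *)      echo "unknown SCAN_SCOPE: $SCAN_SCOPE" >&2; return 2 ;;
  esac
}

# Exit status: 0 = clean, 1 = findings printed, 2 = could not list files.
scan_repo() {
  files=$(list_files) || return 2
  findings=$(printf '%s\n' "$files" | while IFS= read -r f; do scan_file "$f"; done)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Run only when asked, so the functions can also be sourced.
case "${1:-}" in --run) scan_repo ;; esac
```

The `(^|[^0-9.])` guard on the IP pattern keeps a public address such as `110.2.3.4:8080` from matching on its `10.2.3.4:8080` suffix.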