1

in VSO, I have tried push the code without taking latest, when did that, my code got pushed locally. After pulling the latest code when i tried to push again to Central repository I am getting the below error. I had credentials in few files, after removing it also I'm getting the same error. Any help would be much appreciated, Thanks in Advance...!!!

If these are valid credentials, even for non-production resources, you must remove them from Git’s branch history by resetting your branch or squashing all commits. See https://aka.ms/1escredscan for instructions. Please report any false positives to 1ESSecTools@microsoft.com.

NOTE: It is not enough to remove the secrets and push another change. You must reset your branch according to the instructions.

If this is a false positive, you can bypass credential scanning (for this push alone) by running these commands, assuming that you have no staged changes:

git commit -m "**DISABLE_SECRET_SCANNING**" --allow-empty`
git push

Alternatively, see https://aka.ms/1escredscan for instructions on how to use the hash values emitted above in a suppressions file to suppress false positives.) failed to push some refs to 'https://DevRepository'

Error encountered while pushing to the remote repository: rejected Dev -> Dev (VS403654: The push was rejected because it might contain credentials or other secrets.

gukoff
  • 2,112
  • 3
  • 18
  • 30
Habeeb Shaheryaar
  • 11
  • 1
  • 6
  • 1
    Your question (and the error message) literally has the answer: "you must remove them from Git’s branch history by resetting your branch or squashing all commits" and "You must reset your branch according to the instructions." – rickvdbosch Jan 23 '19 at 12:56
  • 1escredscan? 1essectools? Maybe you meant to post this question on an a different site? – Edward Thomson Jan 23 '19 at 13:15
  • @rickvdbosch I wanna know how to do it, As per the suggestion, it says run this command to disable "git commit -m "**DISABLE_SECRET_SCANNING" --allow-empty git push**" but how do I enable back? This can be done only through command or we have any UI for it? – Habeeb Shaheryaar Jan 24 '19 at 05:09
  • @EdwardThomson If so, could you please share the appropriate forum where I can post this question. :) – Habeeb Shaheryaar Jan 24 '19 at 05:09
  • @HabeebShaheryaar It looks like you're internal to Microsoft? If so, the internal Microsoft stackoverflow. – Edward Thomson Jan 24 '19 at 09:36

1 Answers1

0

I had credentials in few files, after removing it also I'm getting the same error

That would create a new commit where those credentials are gone.
But said credentials would still be there in past commits.

You would need to remove that sensitive data, possible with a git filter-branch --tree-filter or the BFG Repo-Cleaner.

Then force push.

As per the suggestion, it says run this command to disable "git commit -m "DISABLE_SECRET_SCANNING" --allow-empty git push" but how do I enable back?

I presume the commit with a message "DISABLE_SECRET_SCANNING" means don't scan for sensitive data past that commit (ie, in older commit).
But I would assume the scan is still done for newer commits, so you don't have to worry about "enabling it back".

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250