use Defang secret-detector to identify potential secret leaks before publishing OCI artifacts by glours · Pull Request #12620 · docker/compose

You MUST check each individual file in the compose project, not just the final model. Otherwise I may publish:

compose.yaml

```yaml
services:
  test:
    some: MY_SECRET_PASSWORD
```

compose.yaml

```yaml
services:
  test:
    some: !override ${ENTER_YOUR_OWN_SECRET}
```

The publisher's expectation would be that the secret is not exposed to the consumer, but actually it is.
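Added example, not code from this PR or from Defang's detector: a sketch of the difference between scanning the merged model and scanning each file that gets published. The regex is a toy stand-in for a real detector, and the file name `compose.override.yaml` and the merged-model text are constructed assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Finding records where a literal credential-looking value was seen.
type Finding struct {
	File string
	Line int
}

// Toy rule standing in for a real secret detector (assumption, not Defang's
// rules): a scalar value naming a secret that is not a ${VAR} interpolation.
var literalSecret = regexp.MustCompile(
	`(?i):\s*(?:!\w+\s+)?[^\s$#][^\s#]*(?:secret|password|token)[^\s#]*\s*$`)

// ScanFiles checks each file on its own, so a value that a later file
// overrides is still reported with its file name and line number.
func ScanFiles(order []string, files map[string]string) []Finding {
	var out []Finding
	for _, name := range order {
		sc := bufio.NewScanner(strings.NewReader(files[name]))
		for n := 1; sc.Scan(); n++ {
			if literalSecret.MatchString(sc.Text()) {
				out = append(out, Finding{File: name, Line: n})
			}
		}
	}
	return out
}

// Constructed sample input: the two files from the comment. The second file
// name is an assumption (the page labels both compose.yaml).
var sources = map[string]string{
	"compose.yaml":          "services:\n  test:\n    some: MY_SECRET_PASSWORD\n",
	"compose.override.yaml": "services:\n  test:\n    some: !override ${ENTER_YOUR_OWN_SECRET}\n",
}

// Constructed: the resolved model once the override wins and the variable is unset.
var merged = map[string]string{"<merged model>": "services:\n  test:\n    some: \"\"\n"}

func main() {
	fmt.Println("merged model:", ScanFiles([]string{"<merged model>"}, merged))
	fmt.Println("per file:    ", ScanFiles([]string{"compose.yaml", "compose.override.yaml"}, sources))
}
```

The merged model yields no findings, while the per-file scan reports line 3 of the first file, which is the content a consumer of the artifact would receive.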