Strategies for cloning repositories with full history into the workspace for analysis.
This skill provides guidance on properly cloning and accessing repository content for secret validation analysis.
Always clone the repository into your designated workspace directory to ensure isolation and proper cleanup.
cd /path/to/workspace
git clone https://github.com/owner/repo.git repo
cd repo
For complete analysis, you need access to all branches and the full commit history:
git clone --mirror https://github.com/owner/repo.git repo.git
cd repo.git
git worktree add ../repo HEAD
Or for a standard clone with all branches:
git clone https://github.com/owner/repo.git repo
cd repo
git fetch --all
Secrets may exist in commits that are no longer on any branch. Use the commit SHA from the alert location:
# Show the commit containing the secret
git show <commit_sha>
# Check out the specific commit
git checkout <commit_sha>
# View the file at that specific commit
git show <commit_sha>:path/to/file
List all branches to understand where secrets may exist:
# List all branches (including remote)
git branch -a
# Check if a commit exists on specific branches
git branch --contains <commit_sha>
After acquiring the repository: