FAQ
Pre-push vs Pre-commit
Why Use Pre-Push Instead of Pre-Commit for Running Axi Client?
| Aspect | Pre-Push Protection | Pre-Commit Protection |
|---|---|---|
| Execution Timing | Runs right after git push command, before code reaches remote repository |
Runs immediately after git commit, before commit is created locally |
| Developer Experience | ✅ Superior - Allows local development with temp credentials | ❌ Disruptive - Blocks every commit with secrets |
| Local Development | ✅ Developers can commit temp keys locally for testing and iteration | ❌ Prevents any commits containing secrets, even temporary ones |
| Internet Connectivity | ✅ Has internet connection available for API validation calls | ❌ May not have internet when committing, hence no coverage is possible |
| Git History Protection | ⚠️ Secrets may exist in local git history which can be automatically removed using our axi client | ✅ Secrets never added to local repository git history |
| Security Effectiveness | ✅ Excellent - Protects remote repositories where real threats exist | ✅ Good - Early detection but can be overly restrictive |
| Performance Impact | ✅ Only scans when pushing (less frequent) | ❌ Scans on every commit (frequent interruptions and slower) |
| False Positive Handling | ✅ Advanced validity checks and approval workflows | ⚠️ Immediate blocking without context |