1. GitHub Push Protection Fails: Credential Leaked into HMPPS-DPR-Tools-API Repository
A critical security control has failed. GitHub's push protection feature, designed to block credentials before they enter a repository, did not prevent a live secret from being committed and pushed to the `hmpps-dpr-tools-api` repository. The exposure was only detected after the fact by GitHub's secret scanning, leavin...