{"id":4312,"date":"2026-06-12T07:12:42","date_gmt":"2026-06-12T07:12:42","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/06\/12\/shift-left-to-the-developers-machine-building-local-git-security-gates\/"},"modified":"2026-06-12T07:12:42","modified_gmt":"2026-06-12T07:12:42","slug":"shift-left-to-the-developers-machine-building-local-git-security-gates","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/06\/12\/shift-left-to-the-developers-machine-building-local-git-security-gates\/","title":{"rendered":"Shift Left to the Developer\u2019s Machine: Building Local Git Security Gates\u00a0"},"content":{"rendered":"<div><img data-opt-id=709108558  fetchpriority=\"high\" decoding=\"async\" width=\"770\" height=\"330\" src=\"https:\/\/devops.com\/wp-content\/uploads\/2026\/02\/devsecops1.jpg\" class=\"attachment-large size-large wp-post-image\" alt=\"\" \/><\/div>\n<p><img data-opt-id=1019763079  fetchpriority=\"high\" decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/devops.com\/wp-content\/uploads\/2026\/02\/devsecops1-150x150.jpg\" class=\"attachment-thumbnail size-thumbnail wp-post-image\" alt=\"\" \/><\/p>\n<p><span data-contrast=\"auto\">A developer pushes one file. It contains an AWS access key left in a configuration block. Five minutes later, CI catches it. By then, the secret is in the remote repository, cached by mirrors and potentially forked. The developer rotates the key, scrubs the commit history and spends the rest of the afternoon on incident response. The real question isn\u2019t how to clean up faster\u00a0\u2014\u00a0it\u2019s why the secret left the developer\u2019s machine in the first place.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">The Five-Minute Gap<\/span><span data-ccp-props='{\"134245418\":true,\"134245529\":true,\"335559738\":200,\"335559739\":0}'>\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Most engineering teams have invested in <a href=\"https:\/\/devops.com\/github-adds-37-new-secret-detectors-in-march-extends-scanning-to-ai-coding-agents\/\" target=\"_blank\" rel=\"noopener\">CI-based secret scanning<\/a>. Tools such as GitHub Advanced Security, GitGuardian and TruffleHog\u2019s CI integration catch leaked credentials in pull requests and pushed branches. This is good, but it\u2019s also too late.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The\u00a0GitGuardian\u00a02026 State of Secrets Sprawl report found\u00a0that\u00a029 million secrets\u00a0were\u00a0detected on GitHub in 2025 alone\u00a0\u2014\u00a0a 34% year-over-year increase and the largest single-year jump ever recorded. Worse, 64% of secrets leaked back in 2022 remain unrevoked\u00a0even\u00a0today. The gap between\u00a0Git push and CI detection is typically\u00a03\u00a0to\u00a010\u00a0minutes. In that window, the secret hits the remote, enters\u00a0reflog\u00a0and becomes available to anyone with read access. Even if CI blocks the PR, the credential is already exposed in Git history.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Rotation mitigates the immediate risk.\u00a0However, it doesn\u2019t eliminate the exposure window\u00a0and it doesn\u2019t address the root cause:\u00a0The secret should never have been committed.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\"> <img data-opt-id=37833890  data-opt-src=\"https:\/\/devops.com\/wp-content\/uploads\/2026\/06\/Picture1-9.png\"  decoding=\"async\" class=\"alignnone wp-image-185492 size-full\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" width=\"624\" height=\"348\" \/><\/span><\/p>\n<p><i><span data-contrast=\"none\">Note: Without local security gates, secrets reach the remote before CI can intervene. With local gates, the commit is blocked before anything leaves the developer\u2019s machine.<\/span><\/i><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">Two Gates, Two Purposes<\/span><span data-ccp-props='{\"134245418\":true,\"134245529\":true,\"335559738\":200,\"335559739\":0}'>\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Git provides two natural interception points on the developer\u2019s machine:\u00a0Pre-commit and pre-push hooks. Each serves a different security function.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The pre-commit gate focuses on secret detection. Before a commit is finalized, the hook scans staged files for API keys, tokens, passwords and other credential patterns. The critical detail:\u00a0The scan should target the Git index (the staged snapshot), not the working tree. Scanning the working tree picks up\u00a0unstaged\u00a0experiments and editor temp files, producing false positives that train developers to ignore findings.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The pre-push gate handles broader security and quality concerns. Before code reaches the remote, the hook runs static analysis on changed files, checks dependency manifests against known vulnerability databases and optionally enforces test coverage thresholds. This gate is heavier, so it runs at push time rather than on every commit.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\"> <img data-opt-id=597344838  data-opt-src=\"https:\/\/devops.com\/wp-content\/uploads\/2026\/06\/Picture2-3.png\"  decoding=\"async\" class=\"alignnone size-full wp-image-185493\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" width=\"624\" height=\"348\" \/><\/span><\/p>\n<p><i><span data-contrast=\"none\">Note: The two-gate model separates fast secret detection (pre-commit) from deeper security and quality scanning (pre-push).<\/span><\/i><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">This separation matters. Secret detection needs to be fast and run on every commit\u00a0\u2014\u00a0developers will bypass a hook that adds 30 seconds to their commit cycle. Vulnerability scanning and test execution are slower but acceptable at push time, when the developer is already context-switching.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">What a Local Security Gate Should Do<\/span><span data-ccp-props='{\"134245418\":true,\"134245529\":true,\"335559738\":200,\"335559739\":0}'>\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">A well-designed local security gate follows a few principles:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"11\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Scan the\u00a0Right Thing:\u00a0Pre-commit scanning should materialize the Git index into a temporary snapshot and scan\u00a0it, not the working tree. This ensures you\u2019re checking exactly what will be committed, nothing more.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"11\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Distinguish\u00a0Verified From Unverified:\u00a0Not all secret findings are equal. A confirmed live AWS key is a different severity than a string that matches a regex pattern. Tools\u00a0such as\u00a0TruffleHog\u00a0can verify whether a detected credential is actually active. The gate should hard-block verified secrets while making unverified findings configurable\u00a0\u2014\u00a0block or warn, the team decides.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"11\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Require Accountability for Suppressions: Every codebase has false positives. The allowlist should require an owner, a reason and an expiration date for each suppression \u2014 no anonymous, permanent exceptions. When an allowlist entry expires, the gate should warn the developer and force a re-evaluation.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"11\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Be Honest About Its Limits: Git hooks can be bypassed with \u2013no-verify. Any local security gate is a guardrail, not a fence. It catches mistakes. It doesn\u2019t prevent malice. The correct architecture pairs local gates with CI scanning to provide defense-in-depth.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<h3><span data-contrast=\"none\">Practical Implementation\u00a0With\u00a0Prehook<\/span><span data-ccp-props='{\"134245418\":true,\"134245529\":true,\"335559738\":200,\"335559739\":0}'>\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">I built prehook (https:\/\/github.com\/arunsanna\/prehook) to implement this pattern as a single Go binary with no runtime dependencies beyond the scanner tools themselves. Here\u2019s what\u00a0the\u00a0setup looks like:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">prehook\u00a0init\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # generates .prehook.yaml\u00a0with secure defaults<\/span><br \/>\n<span data-contrast=\"none\">prehook install\u00a0\u00a0\u00a0 # wires into .git\/hooks\/pre-commit and pre-push<\/span><br \/>\n<span data-contrast=\"none\">prehook doctor\u00a0\u00a0\u00a0\u00a0 # validates all scanner binaries are present<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The configuration is a single YAML file checked into the repository:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">version: 1<\/span><br \/>\n<span data-contrast=\"none\">pre_commit:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0 blocking: true<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0gitleaks:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0 enabled: true<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0 timeout: 2m<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0trufflehog:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0 enabled: true<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0\u00a0block_verified: true\u00a0\u00a0\u00a0 # hard-block confirmed live secrets<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0\u00a0block_unknown: false\u00a0\u00a0\u00a0 # warn on unverified findings<\/span><\/p>\n<p><span data-contrast=\"none\">pre_push:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0semgrep:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0 enabled: true<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0osv:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0 enabled: true\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # skips if no dependency manifests changed<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0trivy:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0 severity: HIGH,CRITICAL<\/span><br \/>\n<span data-contrast=\"none\">\u00a0 quality:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0\u00a0test_command: go\u00a0test\u00a0.\/\u2026<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0 coverage:<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0\u00a0\u00a0 enabled: true<\/span><br \/>\n<span data-contrast=\"none\">\u00a0\u00a0\u00a0\u00a0\u00a0 threshold: 60\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # minimum coverage percentage to push<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The doctor command validates the local environment, checking that each enabled scanner is installed and optionally enforcing version pins. This is particularly useful for team onboarding\u00a0\u2014\u00a0add prehook doctor to your setup documentation, and new developers know exactly what\u2019s missing before they write their first commit.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\"> <img data-opt-id=347384225  data-opt-src=\"https:\/\/devops.com\/wp-content\/uploads\/2026\/06\/Picture3-3.png\"  decoding=\"async\" class=\"alignnone size-full wp-image-185494\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" width=\"432\" height=\"579\" \/><\/span><\/p>\n<p><i><span data-contrast=\"none\">Note: When the prehook catches a secret, the commit is blocked. The developer rotates the credential, removes it from the code and re-commits. Verified secrets are always blocked; unverified findings follow the team\u2019s configured policy.<\/span><\/i><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">What This Pattern Doesn\u2019t Solve<\/span><span data-ccp-props='{\"134245418\":true,\"134245529\":true,\"335559738\":200,\"335559739\":0}'>\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Local Git hooks are not a complete secrets management strategy. They are one layer in a defense-in-depth approach. Specifically:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">They can be bypassed. A developer running git commit \u2013no-verify skips all hooks. This is by design in Git. CI scanning is the backstop that catches what local hooks miss, whether through bypass or misconfiguration.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">They don\u2019t replace secrets management. The right answer is to never have secrets in code at all\u00a0\u2014\u00a0use environment variables, vault systems or cloud IAM\u00a0roles. Local hooks catch cases where that discipline breaks down, which\u00a0happens\u00a0inevitably.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">They require scanner installation. Unlike a SaaS CI integration, local hooks depend on each developer having the scanner binaries installed. This is a real adoption barrier. Tools\u00a0such as\u00a0prehook doctor reduce friction, but the dependency exists.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props='{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}' data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">The value proposition is not perfection. It\u2019s catching the 90% of accidental leaks that happen because a developer was moving fast, testing locally or copying from a Stack Overflow answer\u00a0including\u00a0a placeholder key that wasn\u2019t actually a placeholder.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<h3><span data-contrast=\"none\">Getting Started<\/span><span data-ccp-props='{\"134245418\":true,\"134245529\":true,\"335559738\":200,\"335559739\":0}'>\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">If you want to implement local Git security gates on your team:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ol>\n<li><span data-contrast=\"auto\">Start with secret detection only. Wire up\u00a0Gitleaks\u00a0or\u00a0TruffleHog\u00a0in a pre-commit hook. This is the highest-value, lowest-friction starting point.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Scan the index, not the working tree. Avoid false positives from\u00a0unstaged\u00a0changes.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Keep pre-commit fast. Under five seconds. Anything slower,\u00a0and\u00a0developers bypass it.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Add vulnerability scanning at push time.\u00a0Semgrep,\u00a0OSV-Scanner and\u00a0Trivy\u00a0are good options for the pre-push gate.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Pair with CI. Local hooks catch mistakes. CI enforces policy.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ol>\n<p><span data-contrast=\"auto\">You can build this yourself with shell scripts, use a framework\u00a0such as\u00a0pre-commit or use a purpose-built tool\u00a0such as\u00a0prehook (https:\/\/github.com\/arunsanna\/prehook) that handles the index snapshot, scanner orchestration and allowlist management in a single binary.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The principle is what matters:\u00a0Stop secrets before they ship. The tooling is a means to that end.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><i><span data-contrast=\"auto\">You can\u2019t un-push a secret.\u00a0However,\u00a0you can stop it from being pushed in the first place.<\/span><\/i><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/devops.com\/shift-left-to-the-developers-machine-building-local-git-security-gates\/\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a><\/p>\n<p>\u200b<\/p>","protected":false},"excerpt":{"rendered":"<p>A developer pushes one file. It contains an AWS access key left in a configuration block. Five minutes later, CI [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4313,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-4312","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=4312"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4312\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/4313"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=4312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=4312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=4312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}