GitHub Extends Secret Scanning For Free
Written by Kay Ewbank   
Monday, 19 December 2022

GitHub has announced two security improvements based on its secret scanning feature. The improvements are designed to reduce the problems caused by stolen or compromised credentials, which were the most common cause of data breaches in 2022.

GitHub's Secret Scanning feature checks items such as tokens or private keys used for authentication. Encrypted secrets can be used to store sensitive information, such as access tokens, in your repository.

githubdeklogo

Secret scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. Until now it was only available as part of GitHub Advanced Security, which is available to customers with enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0.

GitHub scans repositories for 200+ token formats, and in 2022, notified its partners of over 1.7 million potential secrets exposed in public repositories to prevent the misuse of those tokens.

Now GitHub is starting to roll out secret scanning to all free public repositories in its community, for free. The organization says that developers can now:

"own the holistic security of your repositories. You’ll also receive alerts for secrets where it’s not possible to notify a partner—for example, if the keys to your self-hosted HashiCorp Vault are exposed. You’ll always have easy tracking across all alerts to drill deeper into the leak’s source and audit actions taken on the alert."

Alongside the wider provision of secret scanning, GitHub has also announced the wider availability of push protection, which can be used  to prevent secret leaks. With push protection enabled, GitHub will enforce blocks when contributors try to push code that contains matches to the defined pattern. Organizations that have defined custom patterns can now enable push protection for those patterns. Push protection for custom patterns can be configured on a pattern-by-pattern basis. 

Both features are available now.

githubdeklogo

More Information

GitHub Website

Related Articles

GitHub Copilot Provides Productivity Boost  

GitHub Desktop Adds Squashing

GitHub Desktop 2.0 Introduces Stashing and Rebasing

GitHub Introduces Super Linter

GitHub Strengthens Team Working

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


NVIDIA Releases Free Courses On AI
19/04/2024

NVIDIA has jumped on the AI bandwagon in a big way. Hardware aside, this means working on training material too. Several self- paced courses have been released and for free too!



Angular and Wiz To Merge
27/03/2024

Two web development frameworks used at Google are merging. One, Angular is open source and widely known, while the other, Wiz, is an internal web framework developed and used by Google for some o [ ... ]


More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 20 December 2022 )