GitHub Extends Secret Scanning For Free
Written by Kay Ewbank   
Monday, 19 December 2022

GitHub has announced two security improvements based on its secret scanning feature. The improvements are designed to reduce the problems caused by stolen or compromised credentials, which were the most common cause of data breaches in 2022.

GitHub's secret scanning feature checks for items such as tokens or private keys used for authentication. Encrypted secrets can be used to store sensitive information, such as access tokens, in your repository.


Secret scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. Until now it was only available as part of GitHub Advanced Security, which is available to customers with enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0.

GitHub scans repositories for 200+ token formats and, in 2022, notified its partners of over 1.7 million potential secrets exposed in public repositories to prevent the misuse of those tokens.

Now GitHub is starting to roll out secret scanning to all free public repositories in its community, for free. The organization says that developers can now:

"own the holistic security of your repositories. You’ll also receive alerts for secrets where it’s not possible to notify a partner—for example, if the keys to your self-hosted HashiCorp Vault are exposed. You’ll always have easy tracking across all alerts to drill deeper into the leak’s source and audit actions taken on the alert."

Alongside the wider provision of secret scanning, GitHub has also announced the wider availability of push protection, which can be used to prevent secret leaks. With push protection enabled, GitHub blocks the push when contributors try to push code that contains a match for a defined pattern. Organizations that have defined custom patterns can now enable push protection for those patterns, and it can be configured on a pattern-by-pattern basis.

Both features are available now.
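A minimal sketch of the per-pattern push protection described above, added here as an illustration and not GitHub's implementation: it scans the added lines of a git-format unified diff, blocks only on patterns that have push protection enabled, and reports other matches as alerts. The pattern names, token formats and sample diff are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class CustomPattern:
    name: str
    regex: re.Pattern
    push_protection: bool  # enabled pattern by pattern

# Constructed formats for a hypothetical organization, not GitHub-defined ones.
PATTERNS = [
    CustomPattern("acme-deploy-token", re.compile(r"\bacme_live_[0-9a-f]{32}\b"), True),
    CustomPattern("acme-legacy-key", re.compile(r"\bAK[0-9A-Z]{16}\b"), False),
]

NEW_FILE = re.compile(r"^\+\+\+ b/(.+)$")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_push(diff_text, patterns=PATTERNS):
    """Return (blocked, alerts) as lists of (pattern name, path, new line number).

    Only added lines are checked; the matched value is never echoed back.
    Assumes `git diff` output, where each file starts with a `diff --git` line.
    """
    blocked, alerts = [], []
    path, lineno, in_hunk = None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # file headers follow
        elif not in_hunk and (m := NEW_FILE.match(line)):
            path = m.group(1)
        elif m := HUNK.match(line):
            lineno, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            for p in patterns:
                if p.regex.search(line[1:]):
                    target = blocked if p.push_protection else alerts
                    target.append((p.name, path, lineno))
            lineno += 1
        elif in_hunk and line.startswith(" "):
            lineno += 1                          # context line; removed lines do not advance
    return blocked, alerts

def push_allowed(diff_text, patterns=PATTERNS):
    """A push is rejected only when a push-protected pattern matches."""
    return not scan_push(diff_text, patterns)[0]

SAMPLE_DIFF = """\
diff --git a/deploy.sh b/deploy.sh
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,3 +1,4 @@
 #!/bin/sh
-TOKEN=$ACME_TOKEN
+TOKEN=acme_live_0123456789abcdef0123456789abcdef
+KEY=AK0123456789ABCDEF
 ./run --token "$TOKEN"
"""
```

On the sample, the deploy token on line 2 blocks the push, while the legacy key on line 3 raises an alert only, because push protection is switched off for that pattern.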



Last Updated ( Tuesday, 20 December 2022 )