GitHub Advanced Security Adds Secret Scanning
Written by Alex Denham   
Tuesday, 12 April 2022

GitHub has announced that organizations with its GitHub Advanced Security, which is available to customers with enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0, can now make use of push protection with its secret scanning option to protect against secret leaks.

The advanced security is also enabled for public repositories on GitHub.com. 

githubdeklogo

What GitHub means by secret scanning is checking of items such as tokens or private keys used for authentication. Encrypted secrets can be used to store sensitive information, such as access tokens, in your repository. Secret scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.

The new feature's "push protection" refers to the embedding of secret scanning in the developer workflow. GitHub has been working on this development for some time, and last year changed the format of their own secrets and started collaborating with other token issuers to persuade them to make their tokens highly identifiable.

GitHub is now launching the push protection with support for 69 high confidence patterns that each have a signal-to-noise ratio. With push protection, GitHub will check for these secrets as developers push code and block the push if a secret is identified. The GitHub team says that high-confidence secrets have a low positive rate, so security teams can protect their organizations without compromising developer experience.

The checks look for over 100 different token types to detect secrets. If a secret is identified, developers can review and remove the secrets from their code before pushing again.

If there's a situation where this would hold up important work, developers can bypass the protection, in which case GitHub will generate a security alert for the developer and the repository administrator to collaborate on.

GitHub Secret Scanning is available now.

 githubdeklogo

More Information

GitHub Enterprise

Related Articles

GitHub Improves Code Search

GitHub Code Scanning Now Uses Machine Learning

GitHub Enterprise Adds Centralized User Accounts

Visual Studio Integrates GitHub Accounts

GitHub Enterprise 2.14 Adds Unified Search

GitHub Enterprise Adds Team Discussions

GitHub Enterprise Adds Global Webhooks 

GitHub Enterprise 2.1 Released

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

Mastering LLMs With Experts
22/10/2024

A freely available set of workshops and talks on the essentials of LLMs, taught by practitioners. The topics include Evals, Retrieval-augmented-generation (RAG), Fine-tuning etc.


+ Full Story
Looking Forward To NAO 7
03/11/2024

Introduced to the world in 2004 by its creator Bruno Maisonnier the kid-sized, autonomous humanoid robot NAO, turns 20 this year. At less than 2 ft tall, it is small in stature, but plays a big r [ ... ]


+ Full Story
More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Tuesday, 12 April 2022 )