GitHub Extends Secret Scanning For Free
Written by Kay Ewbank
Monday, 19 December 2022
GitHub has announced two security improvements based on its secret scanning feature. The improvements are designed to reduce the problems caused by stolen or compromised credentials, which were the most common cause of data breaches in 2022.

GitHub's Secret Scanning feature checks items such as tokens or private keys used for authentication. Encrypted secrets can be used to store sensitive information, such as access tokens, in your repository. Secret scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. Until now it was only available as part of GitHub Advanced Security, which is available to customers with enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0.

GitHub scans repositories for 200+ token formats, and in 2022 it notified its partners of over 1.7 million potential secrets exposed in public repositories to prevent the misuse of those tokens.

Now GitHub is starting to roll out secret scanning to all public repositories in its community, for free. The organization says that developers can now:

"own the holistic security of your repositories. You’ll also receive alerts for secrets where it’s not possible to notify a partner—for example, if the keys to your self-hosted HashiCorp Vault are exposed. You’ll always have easy tracking across all alerts to drill deeper into the leak’s source and audit actions taken on the alert."

Alongside the wider provision of secret scanning, GitHub has also announced the wider availability of push protection, which can be used to prevent secret leaks. With push protection enabled, GitHub will enforce blocks when contributors try to push code that contains matches to the defined pattern. Organizations that have defined custom patterns can now enable push protection for those patterns. Push protection for custom patterns can be configured on a pattern-by-pattern basis.

Both features are available now.
Last Updated ( Tuesday, 20 December 2022 )