GitHub Extends Secret Scanning For Free
Written by Kay Ewbank   
Monday, 19 December 2022

GitHub has announced two security improvements based on its secret scanning feature. The improvements are designed to reduce the problems caused by stolen or compromised credentials, which were the most common cause of data breaches in 2022.

GitHub's Secret Scanning feature checks items such as tokens or private keys used for authentication. Encrypted secrets can be used to store sensitive information, such as access tokens, in your repository.


Secret scanning scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. Until now it was only available as part of GitHub Advanced Security, which is available to customers with enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0.

GitHub scans repositories for 200+ token formats, and in 2022, notified its partners of over 1.7 million potential secrets exposed in public repositories to prevent the misuse of those tokens.

Now GitHub is starting to roll out secret scanning to all free public repositories in its community, for free. The organization says that developers can now:

"own the holistic security of your repositories. You’ll also receive alerts for secrets where it’s not possible to notify a partner—for example, if the keys to your self-hosted HashiCorp Vault are exposed. You’ll always have easy tracking across all alerts to drill deeper into the leak’s source and audit actions taken on the alert."

Alongside the wider provision of secret scanning, GitHub has also announced the wider availability of push protection, which can be used to prevent secret leaks. With push protection enabled, GitHub blocks the push when contributors try to push code that contains matches to a defined pattern. Organizations that have defined custom patterns can now enable push protection for those patterns, and it can be configured on a pattern-by-pattern basis.
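To make the pattern-by-pattern behaviour concrete, here is an added example (not GitHub's implementation and not from the original article) of a local check that scans the lines a diff adds and blocks only on patterns with push protection turned on, while other patterns just raise an alert. The pattern names, token formats and sample diff are constructed for illustration.

```python
import re

# (name, regex, push_protection) - push protection is toggled pattern by pattern.
# Constructed token formats for a hypothetical organization, not real GitHub patterns.
PATTERNS = [
    ("acme_deploy_key", re.compile(r"\bacme_dk_[A-Za-z0-9]{24}\b"), True),
    ("acme_staging_token", re.compile(r"\bacme_stg_[0-9a-f]{16}\b"), False),
]

# Constructed unified diff standing in for the commits being pushed.
SAMPLE_DIFF = '''\
diff --git a/deploy/config.py b/deploy/config.py
--- a/deploy/config.py
+++ b/deploy/config.py
@@ -10,3 +10,4 @@
 TIMEOUT = 30
-DEPLOY_KEY = os.environ["DEPLOY_KEY"]
+DEPLOY_KEY = "acme_dk_EXAMPLEexample0123456789"
+STAGING = "acme_stg_0123456789abcdef"
 RETRIES = 3
'''

def added_lines(diff_text):
    """Yield (path, new_line_number, text) for every line the diff adds."""
    path, lineno, in_hunk = None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff "):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):
            lineno, in_hunk = int(re.match(r"@@ -\S+ \+(\d+)", line).group(1)), True
        elif in_hunk and line.startswith("+"):
            yield path, lineno, line[1:]
            lineno += 1
        elif in_hunk and line.startswith(" "):
            lineno += 1  # context line: advances the new-file line counter

def evaluate_push(diff_text, patterns=PATTERNS):
    """Return (blocked, findings); only push-protected patterns block the push."""
    findings = []
    for path, lineno, text in added_lines(diff_text):
        for name, regex, push_protection in patterns:
            for m in regex.finditer(text):
                findings.append({"pattern": name, "path": path, "line": lineno,
                                 "action": "block" if push_protection else "alert",
                                 "preview": m.group(0)[:8] + "..."})  # never log the full secret
    return any(f["action"] == "block" for f in findings), findings
```

Only added lines are scanned, so a commit that removes a hard-coded secret is not blocked; the removed value still lives in history and needs rotating.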

Both features are available now.


More Information

GitHub Website

Related Articles

GitHub Copilot Provides Productivity Boost  

GitHub Desktop Adds Squashing

GitHub Desktop 2.0 Introduces Stashing and Rebasing

GitHub Introduces Super Linter

GitHub Strengthens Team Working

 


Last Updated ( Tuesday, 20 December 2022 )