GitHub this week announced that its secret scanning feature, initially released in beta in December 2022, is now generally available and free for all public repositories. The feature is designed to help organizations and developers identify credentials and secrets (such as tokens and private keys) that could be exposed in their code.
With secret scanning enabled, developers receive notifications that alert them to the presence of leaked secrets, and the feature is backed by over 100 service providers in the GitHub Partner Program. Whenever a repository is made public, GitHub scans it for secrets that match partner patterns; the matching service provider is notified and can then decide whether to revoke the secret.
Furthermore, email alerts are sent to the repository administrators and organization owners, as well as to the contributor who committed the secret. Admins can enable secret scanning in the ‘Code security and analysis’ section of the ‘Settings’ tab.
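The mechanism described above (matching committed text against known token formats, then alerting with the match redacted) can be illustrated with a small scanner. This is an added example, not GitHub's code and not its partner patterns: the three formats (a `ghp_` token, an `AKIA` access key id, and a PEM private-key header) and the sample file contents are constructed here for illustration, and every secret in the sample is fake.

```python
from __future__ import annotations

import re
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int        # 1-based line where the match occurred
    pattern_name: str   # which pattern fired
    masked: str         # redacted match, safe to put in an alert or log


# Assumption: illustrative formats only, not GitHub's partner-supplied patterns.
SECRET_PATTERNS: dict[str, re.Pattern[str]] = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def mask(secret: str) -> str:
    """Keep only a short prefix and suffix so an alert never re-leaks the value."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


def scan_text(text: str, patterns: dict[str, re.Pattern[str]] = SECRET_PATTERNS) -> list[Finding]:
    """Run every pattern over every line and return redacted findings in file order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, rx in patterns.items():
            for m in rx.finditer(line):
                findings.append(Finding(line_no, name, mask(m.group(0))))
    return findings


def format_alert(path: str, findings: list[Finding]) -> list[str]:
    """One alert line per finding, in the shape a notification email or CI log would carry."""
    return [f"{path}:{f.line_no}: possible {f.pattern_name} ({f.masked})" for f in findings]


# Constructed sample file; all values are fake and built here so the lengths are exact.
SAMPLE_CONFIG = "\n".join([
    "# constructed sample .env file",
    "DB_HOST=localhost",
    "GITHUB_TOKEN=ghp_" + "x" * 36,
    "AWS_ACCESS_KEY_ID=AKIA" + "EXAMPLEKEY" + "000000",
    "-----BEGIN RSA PRIVATE KEY-----",
])

if __name__ == "__main__":
    for line in format_alert(".env", scan_text(SAMPLE_CONFIG)):
        print(line)
```

Running the block prints one redacted alert per hit; the same `scan_text` function can be wired into a pre-commit hook so a contributor sees the finding before the secret reaches a public history at all, where revocation rather than removal becomes the only safe remedy.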
In conclusion, GitHub has made it easier for organizations and developers to protect their code from potential exposure of sensitive data. Secret scanning is free, simple to enable, and backed by a wide range of service providers.
Key Points:
• GitHub’s secret scanning feature is now generally available and free for all public repositories.
• It is designed to help organizations and developers identify credentials and secrets that could be exposed in their code.
• It is backed by over 100 service providers in the GitHub Partner Program.
• Whenever a repository is made public, GitHub scans it for secrets that match partner patterns.
• Email alerts are sent to the repository administrators, organization owners, and the contributor who committed the secret.
• Admins can enable secret scanning in the ‘Code security and analysis’ section of the ‘Settings’ tab.