GitHub is making your code safer for everyone

Scanning for secrets has now gotten a lot easier

GitHub’s push protection feature, introduced as a beta in April 2022, is now generally available, the company has announced.

The feature makes all code repositories safer by preventing them from leaking sensitive information such as API keys.

Push protection works by scanning for secrets before “git push” operations are accepted, the company explained, adding that 69 token types are supported, including API keys, private keys, secret keys, authentication tokens, access tokens, management certificates, and similar.

GitHub security boost

While some false positives might happen, they should be few and far between.

“If you are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location, and how to remediate the exposure,” GitHub said. “Push protection only blocks secrets with low false positive rates, so when a commit is blocked, you know it’s worth investigating.”

Push protection has been in beta for more than a year now, and during that time, developers who used it managed to avoid 17,000 sensitive data leaks and save more than 95,000 hours they’d otherwise have had to spend on addressing the issue of compromised data, GitHub claims.

“Today, push protection is generally available for private repositories with a GitHub Advanced Security (GHAS) license,” GitHub added. “In addition, to help developers and maintainers across open source proactively secure their code, GitHub is making push protection free for all public repositories.”

If you’re interested in giving push protection a spin, you can do so via the API, or by clicking on the corresponding menu in the user interface: head over to GitHub.com > navigate to the main page > click Settings > look for “Security” and click “Code security and analysis” > find “Configure code security and analysis” and look for “GitHub Advanced Security” > Go to “Secret scanning” > find “Push protection” and enable it.

Devs can also enable it for single repositories by going to Settings > Security & analysis > GitHub Advanced Security dialog.
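
For the API route mentioned above, an added example (not code from the article or from GitHub): it checks repository records for the `secret_scanning_push_protection` setting and builds the REST `PATCH /repos/{owner}/{repo}` request that enables it. The organisation, repository names and token are constructed placeholders, and treating a missing `security_and_analysis` field as "not confirmed" is an assumption of this example.

```python
import json
import os
import urllib.request

API = "https://api.github.com"

# Constructed sample of repository records, shaped like GET /repos/{owner}/{repo}.
SAMPLE_REPOS = [
    {"name": "billing", "owner": {"login": "example-org"},
     "security_and_analysis": {
         "secret_scanning": {"status": "enabled"},
         "secret_scanning_push_protection": {"status": "enabled"}}},
    {"name": "website", "owner": {"login": "example-org"},
     "security_and_analysis": {
         "secret_scanning": {"status": "enabled"},
         "secret_scanning_push_protection": {"status": "disabled"}}},
    # Assumption: the field is absent when the caller is not allowed to see it.
    {"name": "legacy-tools", "owner": {"login": "example-org"}},
]

def needs_push_protection(repo):
    """True unless the record explicitly reports push protection as enabled."""
    settings = repo.get("security_and_analysis") or {}
    status = (settings.get("secret_scanning_push_protection") or {}).get("status")
    return status != "enabled"

def build_enable_request(owner, name, token):
    """Build (but do not send) the PATCH enabling secret scanning and push protection."""
    body = {"security_and_analysis": {
        "secret_scanning": {"status": "enabled"},
        "secret_scanning_push_protection": {"status": "enabled"}}}
    return urllib.request.Request(
        f"{API}/repos/{owner}/{name}",
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        headers={"Accept": "application/vnd.github+json",
                 "Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def plan(repos, token):
    """Requests for every repository that is not confirmed as protected."""
    return [build_enable_request(r["owner"]["login"], r["name"], token)
            for r in repos if needs_push_protection(r)]

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN", "PLACEHOLDER_TOKEN")
    for req in plan(SAMPLE_REPOS, token):
        # Dry run: urllib.request.urlopen(req) would apply the change.
        print(req.get_method(), req.full_url)
```

The script only prints the planned requests; review the list before sending anything, since repositories with a missing field may simply be ones the token cannot administer.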

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
