GitHub announces free secret scanning for all public repositories

Share post:

GitHub has announced that Secret Scanning will be available for free to public repository users.

Secret Scanning, which scans repositories and checks for accidentally committed secrets (authentication tokens, API keys, private keys, and so on), has long been available as an option for GitHub Advanced Security, but it was only available to organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license.

Secret Scanning was announced by GitHub as a beta in May 2020, but it is considered a mechanism to invalidate codes and notify alerts via the Secret Scanning Partner Program. To prevent the misuse of authentication tokens, it supports over 200 secret patterns and has detected over 1.7 million potential secrets this year 2022. We will begin deploying the public beta to some users today, but for the time being, it is best to try to activate it by referring to the official document. By the end of January 2023, it will also be available to all GitHub users.

Secret scanning is an additional repository scanning security option that organisations can enable to detect accidental exposure of known types of secrets. It works by matching patterns provided by partners and service providers, as well as patterns defined by the organization. Each match is reported as a security alert in the repos’ Security tab or to partners if it is triggered by a partner pattern.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Research Raises Concerns Over AI Impact on Code Quality

Recent findings from GitClear, a developer analytics firm, indicate that the increasing reliance on AI assistance in software...

Microsoft to train 100,000 Indian developers in AI

Microsoft has launched an ambitious program called "AI Odyssey" to train 100,000 Indian developers in artificial intelligence by...

NIST issues cybersecurity guide for AI developers

Paper identifies the types of cyberattacks that can manipulate the behavior of artificial intelligen

Canada, U.S. sign international guidelines for safe AI development

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to follow for overseeing AI in

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways