GitHub announces free secret scanning for all public repositories

Share post:

GitHub has announced that Secret Scanning will be available for free to public repository users.

Secret Scanning, which scans repositories and checks for accidentally committed secrets (authentication tokens, API keys, private keys, and so on), has long been available as an option for GitHub Advanced Security, but it was only available to organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license.

Secret Scanning was announced by GitHub as a beta in May 2020, but it is considered a mechanism to invalidate codes and notify alerts via the Secret Scanning Partner Program. To prevent the misuse of authentication tokens, it supports over 200 secret patterns and has detected over 1.7 million potential secrets this year 2022. We will begin deploying the public beta to some users today, but for the time being, it is best to try to activate it by referring to the official document. By the end of January 2023, it will also be available to all GitHub users.

Secret scanning is an additional repository scanning security option that organisations can enable to detect accidental exposure of known types of secrets. It works by matching patterns provided by partners and service providers, as well as patterns defined by the organization. Each match is reported as a security alert in the repos’ Security tab or to partners if it is triggered by a partner pattern.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Anthropic’s AI Agents Take a Big Leap: Direct Computer Control

Anthropic has unveiled a groundbreaking capability for its Claude large language model: the ability to directly interact with...

AI Agents Could Surpass Humans as Primary App Users by 2030, Accenture Predicts

AI agents are poised to transform the way we interact with digital systems, potentially becoming the primary users...

Is Oracle killing off MySQL?

Yesterday we covered a story about how Oracle was now cracking down on licensing Java, which started as...

Research Raises Concerns Over AI Impact on Code Quality

Recent findings from GitClear, a developer analytics firm, indicate that the increasing reliance on AI assistance in software...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways