GitHub has enabled push protection for all public code repositories as part of its efforts to prevent exposures of API keys, secret keys, private keys, authentication tokens, and management certificates, according to BleepingComputer.
"If you are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location, and how to remediate the exposure. Push protection only blocks secrets with low false positive rates, so when a commit is blocked, you know it's worth investigating," said GitHub, which noted that nearly 17,000 accidental leaks of sensitive data have been prevented by push protection since its beta release in April 2022.
Moreover, push protection could be activated by organizations with GitHub Advanced Security by enabling "Push protection" under the "Secret scanning" menu of the GitHub website's security settings. Organizations could also allow automated push protection for private repositories added to secret scanning, noted GitHub.
