GitHub now allows users to track leaked secrets in their public repositories for free.
Credential leaks are one of the most common causes of data breaches and can lead to severe consequences. GitHub's secret scanning service examines repositories for over 200 token formats and alerts developers to potential leaks.
"Secret scanning alerts notify you directly about leaked secrets in your code," read GitHub's Dec. 15 blog post. "We'll still notify our partners for your fastest protection, but now you can own the holistic security of your repositories."
The security feature was previously limited to enterprise users who paid for GitHub Advanced Security. GitHub said that it is now rolling out in beta and is expected to reach all users by the end of January 2023.
Once it is available, users can enable the feature in their GitHub security settings under "Code security and analysis."
Along with the announcement of the free secret scanning service, GitHub said that its Advanced Security customers can now enable push protection for their custom patterns.
"You can define custom patterns at the repository, organization, and enterprise levels. And now, you can also enable push protection for custom patterns at the organization or repository level. With push protection enabled, GitHub will enforce blocks when contributors try to push code that contains matches to the defined pattern," GitHub wrote in a blog post.
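To make the push-protection behavior concrete, here is an added example (not GitHub's code, and not from the blog post) that emulates the check locally: it scans only the lines a push would add and blocks on any match to a custom pattern. The pattern names, the `acme_` key format and the sample diff are constructed for illustration.

```python
import re

# Hypothetical custom patterns, constructed for this example (not GitHub's).
CUSTOM_PATTERNS = {
    "acme_api_key": re.compile(r"\bacme_[a-z]{4}_[A-Za-z0-9]{32}\b"),
    "internal_db_url": re.compile(r"postgres://[^\s:@/]+:[^\s@/]+@[\w.-]+"),
}

# Constructed sample diff: one credential removed, one hard-coded key added.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,4 @@
 DEBUG = False
-DB_URL = "postgres://app:hunter2@db.internal/app"
+API_KEY = "acme_live_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6"
+TIMEOUT = 30
 RETRIES = 3
"""

def redact(secret, keep=4):
    """Keep a short prefix so the report does not repeat the secret."""
    return secret[:keep] + "*" * (len(secret) - keep)

def scan_diff(diff_text, patterns=CUSTOM_PATTERNS):
    """Return (path, line, pattern_name, redacted_match) for added lines only."""
    findings, path, new_line, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            in_hunk = False
        elif not in_hunk and raw.startswith("+++ "):
            target = raw[4:]
            path = target[2:] if target.startswith("b/") else target
        elif raw.startswith("@@"):
            # Hunk header "@@ -old,count +new,count @@" gives the new-file line.
            new_line, in_hunk = int(re.search(r"\+(\d+)", raw).group(1)), True
        elif in_hunk and raw.startswith("+"):
            for name, rx in patterns.items():
                for m in rx.finditer(raw[1:]):
                    findings.append((path, new_line, name, redact(m.group())))
            new_line += 1
        elif in_hunk and raw.startswith(" "):
            new_line += 1  # context line; removed ("-") lines do not advance
    return findings

def push_allowed(diff_text):
    """Block (False) when any added line matches a custom pattern."""
    return not scan_diff(diff_text)
```

The removed `DB_URL` line is ignored because only added lines are new exposure in the push; a secret that was already committed still sits in history and needs rotation regardless.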
To further strengthen repository security, GitHub will also require all users who contribute code on the platform to enable 2FA for their accounts starting March 2023.