Asset Management, DevSecOps, Vulnerability Management, Supply chain

All public GitHub repositories will have free secret scanning by February 2023

GitHub announced free scanning to detect exposed secrets for public repositories. ("GitHub Office" by DASPRiD is licensed under CC BY 2.0.)

GitHub now allows users to track leaked secrets in their public repository for free.  

While the credential leak is one of the most common causes of data breaches and can lead to severe consequences, GitHub provided secret scanning services to examine repositories for over 200 token formats and alert developers for potential leaks.  

"Secret scanning alerts notify you directly about leaked secrets in your code," read GitHub's Dec. 15 blog post. "We'll still notify our partners for your fastest protection, but now you can own the holistic security of your repositories."  

(via GitHub)

The security feature was previously limited to enterprise users who paid for GitHub Advanced Security. GitHub said that it is now rolling in beta and is expected to reach all users by the end of January 2023.  

Once available, users can enable the feature in their GitHub security setting under "Code security and analysis" to use the service.  

Along with the announcement of the free secret scanning service, GitHub said that its Advanced Security customers can now protect their custom patterns.  

"You can define custom patterns at the repository, organization, and enterprise levels. And now, you can also enable push protection for custom patterns at the organization or repository level. With push protection enabled, GitHub will enforce blocks when contributors try to push code that contains matches to the defined pattern," GitHub wrote in a blog post.  

To further strengthen repository security, GitHub will also require all users who contribute code on the platform to enable 2FA for their accounts starting March 2023. 

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.