GitHub enhances secret scanning for tighter code security


GitHub has updated its Advanced Security service with a “push protection” capability. The new feature scans code for secrets such as access tokens, API keys, and other credentials as developers push the code to a repository, and blocks the push if a secret is identified.

With push protection, announced April 4, GitHub Advanced Security customers can guard against leaks by scanning for secrets before a git push is accepted. Available for enterprise accounts, GitHub Advanced Security provides services such as code scanning, dependency review, and secret scanning, which helps to ensure that secrets are not exposed in a repository. By scanning code for secrets, developers can proactively prevent leaks of credentials and safeguard against breaches attributed to credential misuse.

With GitHub Advanced Security’s push protection, secret scanning is embedded in the developer workflow. To enable this without disrupting development productivity, push protection only supports token types that can be accurately detected. GitHub said that its secret scanning feature has thus far detected more than 700,000 secrets across thousands of private repositories.

Copyright © 2022 IDG Communications, Inc.


Source link

Next Post

Tesla CEO Elon Musk won’t join Twitter’s board after all

[ad_1] SAN FRANCISCO — Elon Musk is not joining Twitter’s board after all, a reversal following last week’s revelation that he had become Twitter’s largest shareholder — and had received a subsequent appointment to the panel. Twitter CEO Parag Agrawal tweeted the news Sunday night, including a memo sent to […]

You May Like