GitHub tackles leaks by scanning for secrets in pushed code
Security News, April 2022
Code shack GitHub is aiming to help users avoid inadvertently leaking credentials such as access tokens by scanning the content of a git push for such secrets and blocking the push before it lands in the repository.
Secret scanning itself is not new: it already runs on all public repositories on GitHub.com and is an option for GitHub Enterprise users as part of GitHub Advanced Security. What is new is push protection, which moves the check from after a commit has been pushed to the push itself, so a leaked token never reaches the repository history in the first place.
When a push is blocked, developers can review the flagged strings and remove the secrets from their code before pushing again, or bypass the block by flagging each secret as a false positive, a test case, or a real secret to be fixed later.
If push protection is bypassed in this way, GitHub still records the decision: secrets marked as test cases or false positives generate a closed security alert.
Secrets flagged as real but to be resolved later generate an open security alert for both the developer and the repository administrator, so the two can work together on a fix.
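As an added illustration of the flow described above (example code written for this page, not GitHub's implementation), here is a toy push-protection scanner: it inspects only the lines a push would add, rejects the push while any finding is unhandled, and turns bypassed findings into open or closed alerts. The detector patterns, the bypass reason names, the alert model and the sample diff are all simplified assumptions.

```python
"""Toy push-protection scanner, modelled on the flow described above.

Added example for this article, not GitHub's implementation. The detector
patterns, bypass reasons and alert model are simplified assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed, simplified detector patterns. Real push protection matches many
# more provider-specific formats with far lower false-positive rates.
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Bypass reasons as described in the article (the identifiers are ours).
BYPASS_REASONS = ("false_positive", "test_case", "fix_later")


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    line: int      # line number in the new (pushed) version of the file
    secret: str


@dataclass
class Alert:
    finding: Finding
    state: str                 # "open" or "closed"
    reason: str
    notify: Tuple[str, ...]    # who is told about it


def scan_added_lines(diff: str) -> List[Finding]:
    """Scan only the '+' lines of a unified diff, i.e. the content a push
    would introduce; removed lines and untouched context are not rescanned."""
    findings: List[Finding] = []
    path, new_line = "?", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            if path.startswith("b/"):
                path = path[2:]
        elif raw.startswith("@@"):
            m = re.search(r"\+(\d+)", raw)          # start line on the new side
            new_line = int(m.group(1)) - 1 if m else 0
        elif raw.startswith("+"):
            new_line += 1
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(raw[1:]):
                    findings.append(Finding(kind, path, new_line, m.group(0)))
        elif raw.startswith(" "):
            new_line += 1                           # context line, nothing to scan
        # '-' lines and file headers belong to the old side: no line advance
    return findings


def decide_push(findings: List[Finding],
                bypass: Optional[Dict[Finding, str]] = None) -> Tuple[bool, List[Alert]]:
    """Reject the push unless every finding carries a bypass reason. Bypassed
    findings still produce alerts: false positives and test cases are filed
    closed; 'fix later' is filed open and routed to developer and repo admin."""
    bypass = bypass or {}
    alerts: List[Alert] = []
    for f in findings:
        reason = bypass.get(f)
        if reason is None:
            return False, []       # blocked: strip the secret and push again
        if reason not in BYPASS_REASONS:
            raise ValueError(f"unknown bypass reason {reason!r}")
        if reason == "fix_later":
            alerts.append(Alert(f, "open", reason, ("developer", "repo_admin")))
        else:
            alerts.append(Alert(f, "closed", reason, ()))
    return True, alerts


# Constructed sample push: a dummy token and AWS's documented example key ID.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 import os
-TOKEN = os.environ["GITHUB_TOKEN"]
+TOKEN = "ghp_0123456789abcdef0123456789abcdef0123"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 print(TOKEN)
+print(AWS_KEY)
"""

if __name__ == "__main__":
    found = scan_added_lines(SAMPLE_DIFF)
    accepted, _ = decide_push(found)
    print("push accepted:", accepted)
    for f in found:
        print(f"  {f.path}:{f.line} {f.kind} {f.secret[:8]}...")
    accepted, alerts = decide_push(found, {found[0]: "false_positive", found[1]: "fix_later"})
    print("after bypass:", accepted, [(a.state, a.reason) for a in alerts])
```

Scanning only added lines is what makes this cheap enough to run on every push; the trade-off, as with the real feature, is that a secret already in history is not caught here and needs the after-the-fact repository scan instead.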
In a post announcing the new capability, GitHub said it has already detected more than 700,000 secrets across thousands of private repositories through secret scanning for GitHub Advanced Security.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/05/github_prevents_leaks_by_scanning/