Security News > 2022 > December > GitHub offers secret scanning for free
Currently GitHub partners with service providers to flag leaked credentials on all public repos through its secret scanning partner program.
Figure A. GitHub launched the secret scanning for public repositories as a beta this month.
GitHub introduced push protection to GitHub Advanced Security customers in April 2022 to proactively prevent leaks by scanning for secrets before they are committed.
The new program lets service providers partner with GitHub to have their secret token formats secured through scanning, which searches for accidental commits of secret formats.
When a developer starts a GitHub Project, GitHub automatically creates a unique GITHUB TOKEN "Secret," which allows the developer access to GitHub Apps that are installed on the dev's repository.
If a user checks a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with the user's privileges.
News URL
https://www.techrepublic.com/article/github-secret-scanning-free/