GitHub now auto-blocks token and API key leaks for all repos
2023-05-09 21:42

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories.

This feature proactively prevents leaks by scanning for secrets before 'git push' operations are accepted, and it works with 69 token types that can be detected with a low false-positive rate.

"If you are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location, and how to remediate the exposure," GitHub said today.
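To illustrate the kind of check described above, the following added example (not GitHub's implementation and not part of the original article) scans the added lines of a unified diff for two prefix-based token formats and reports the secret type and location. The patterns chosen, the function names and the sample diff are assumptions constructed for illustration.

```python
import re

# Assumption: two well-known prefix-based formats stand in for the 69 token
# types the article mentions; this is not GitHub's detector list.
PATTERNS = {
    "GitHub personal access token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def redact(secret):
    """Keep the identifying prefix and mask the rest so reports don't re-leak."""
    return secret[:4] + "*" * (len(secret) - 4)

def scan_diff(diff_text):
    """Return (secret type, file, new-file line number, redacted match)
    for every candidate secret on an added line of a unified diff."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        hunk = HUNK.match(line)
        if line.startswith("+++ "):        # new-side file header
            path = line[4:].removeprefix("b/")
        elif line.startswith("--- "):      # old-side file header
            continue
        elif hunk:                         # hunk header gives the start line
            lineno = int(hunk.group(1))
        elif line.startswith("+"):         # added line: scan it
            for kind, rx in PATTERNS.items():
                for hit in rx.finditer(line[1:]):
                    findings.append((kind, path, lineno, redact(hit.group())))
            lineno += 1
        elif line.startswith(" "):         # context line advances the counter
            lineno += 1
    return findings

def push_allowed(diff_text):
    """Block the push when any added line contains a candidate secret."""
    return not scan_diff(diff_text)

# Constructed sample values and diff (not real credentials).
FAKE_GH = "ghp_" + "A1b2" * 9
FAKE_AWS = "AKIA" + "EXAMPLE0" * 2
SAMPLE_DIFF = "\n".join([
    "--- a/config/settings.py", "+++ b/config/settings.py",
    "@@ -10,3 +10,4 @@", " DEBUG = False", "-TOKEN = os.environ['GH_TOKEN']",
    "+TOKEN = '" + FAKE_GH + "'", "+AWS_KEY_ID = '" + FAKE_AWS + "'",
    " TIMEOUT = 30",
])
```

Removed lines are skipped because only newly added content is being checked, and matches are redacted so the report itself does not expose the value.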

This feature could only be enabled for private repositories by organizations with a GitHub Advanced Security license; GitHub has now also made it generally available on all public repos.

"Today, push protection is generally available for private repositories with a GitHub Advanced Security license," the company said.

Organizations with GitHub Advanced Security can enable the secret scanning push protection feature at both repository and organization levels via the API or with just one click from the user interface.


News URL

https://www.bleepingcomputer.com/news/security/github-now-auto-blocks-token-and-api-key-leaks-for-all-repos/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 10 2 30 29 14 75