GitHub can now tell you if you ever leak any secrets in your code
Another handy GitHub tool to protect confidential information
GitHub’s secret scanning alert feature, which was launched in public beta format in December 2022, is now generally available for free across all public repositories.
In a blog post, the developer platform noted that 70,000 public repositories had turned on secret scanning alerts during the beta, so the full release will be welcome news to many developers worldwide.
GitHub says that you can turn on the feature across public repositories that you own to help notify you of leaked secrets in code, issues, description, and comments.
GitHub secret scanning
The feature works with over 100 service providers in the GitHub Partner Program, under which the company notifies users and partners upon detecting leaked secrets.
“With secret scanning alerts enabled, you’ll now also receive alerts for secrets where it’s not possible to notify a partner - for example, if self-hosted keys are exposed - along with a full audit log of actions taken on the alert,” GitHub noted.
The platform cited an experienced developer who had used the tool to scan 14,000 public GitHub Action repositories and found more than 1,000 secrets, which shows how easy it can be to miss them and why the tool matters.
A support document explains when a developer may want to use the tool:
“If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges.”
These can include anything from API keys to passwords, authentication tokens, and any other sensitive information.
‘Secret scanning’ can be found under ‘Settings’ > ‘Code security and analysis’ > ‘Security’, where it can be enabled or disabled.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!