GitHub announced this Monday that it widened its code hosting platform's secret scanning features for GitHub Advanced Security customers to automatically restrict secret leaks. Secret scanning is a premium security feature provided to companies that use GitHub's Advanced Security license. Organizations can use this feature for extra repository scanning. The feature works via matching patterns mentioned by the organization or provided by a service partner or provider.
Every match is defined as a security alert in the repos' Security tab or to providers if it connects with a provider pattern.
The latest feature is called as push protection, it is made to protect against accidental exposure of creds before implementing code to remote repositories. The new feature attaches secret scanning within the developers' workflow and works using 69 token types (API keys, management certificates, access tokens, private creds, secret keys, noticed with a less "false positive" identification rate.
"With push protection, GitHub will check for high-confidence secrets as developers push code and block the push if a secret is identified. High-confidence secrets have a low positive rate, so security teams can protect their organizations without compromising developer experience," GitHub reports. If the GitHub Enterprise Cloud is able to find a secret before implementing the code, the git push is restricted to let the developers recheck and delete the secrets from the code they tried to shift towards remote repos.
"GitHub Advanced Security helps secure organizations around the world through its secret scanning, code scanning, and supply chain security capabilities, including Dependabot alerts and Dependabot security updates that are forever free," says the GitHub blog.
How to enable Push Protection for your company?
1. Go to GitHub, and find the page of the company.
2. Under the organization name, open settings.
3. In the sidebar section, find "Security," open Code security and analysis.
4. After that, find "GitHub Advanced Security."
5. Find "Secret Scanning" in push notifications, click enable all.
6. Finally, click "Automatically enable for private repositories added to secret scanning."
