Site icon TechNewsBoy.com

GitHub brings free secret scanning to all public repositories

Scott Marlette

GitHub has announced it will be bringing its secret scanning capability to more users in a bid to help public repository admins detect leaked secrets in their repositories before a breach happens.

The launch forms part of the secret scanning partner program, which was set up to notify more than 100 service providers of token exposure in public repositories. 

The function was previous only available to organizations with GitHub Advanced Security, but it will now be available to admins of all public repositories.

Github secret scanning

Github claims to scan for over 200 token formats (like API keys and authentication tokens) that would usually take an average of 327 days to identify, and has already notified its partners of 1.7 million potential secret exposures in public repositories.

Rollout has already begun in beta form, and GitHub hopes that all of its members will have access by the end of January 2023. The company has also pointed at a discussion board (opens in new tab) where users can request early access or discuss the product in more detail.

“Once secret scanning alerts are available on your repository you can enable them in your repository’s settings under “Code security and analysis” settings,” an entry on the company’s blog (opens in new tab) noted.

“You can see any detected secrets by navigating to the “Security” tab of your repository and selecting “Secret scanning” in the side panel underneath “Vulnerability alerts.” There, you will see a list of any detected secrets, and you can click on any alert to reveal the compromised secret, its location, and suggested action for remediation.”

GitHub 2FA

With an emphasis on its commitment to security, GitHub has also announced that it will require all users who contribute code to set up two-factor authentication (2FA) on their accounts by the end of 2023, which will affect an estimated 94 million users.

A select group of users will first get notified of this mandatory verification in March 2023, which will provide a basis for evaluation before GitHub pushes it to its entire user base.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here
Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version