
Your secrets are safe with GitHub

March 1, 2023.

GitHub announced that its “secrets” detection alert service is now available for all public repositories and can be enabled to detect leaks across previously published material. Secrets are sensitive data inadvertently left in code and accidentally added to GitHub repositories, including API keys, passwords, authentication tokens, and other confidential data that attackers might use to breach security. Malicious actors often search public GitHub repositories for authentication data that lets them penetrate networks, steal data and even impersonate a company. GitHub began rolling out a beta version of this free secrets detection feature in December 2022 to help developers spot accidental public exposure of sensitive data. Since then, 70,000 public repositories have enabled the new feature, and all owners and admins of public repositories can now enable these alerts to secure their data.

GitHub shares an example from DevOps consultant and trainer Rob Bos to highlight the power of secret scanning alerts. After enabling the feature on 13,954 public GitHub Actions repositories, Rob found secrets in 1,110, or 7.9%, of them.

The GitHub Blog, Zain Malik, Mariam Sulakian, “Secret scanning alerts are now available (and free) for all public repositories.”
