GitHub brings free secret scanning to all public repos • TechCrunch


Every developer knows that it’s a bad idea to hardcode security credentials into source code. Yet it happens and when it does, the consequences can be dire. Until now, GitHub only made its secret scanning service available to paying enterprise users who paid for GitHub Advanced Security, but starting today, the Microsoft-owned company is making its secrets scanning service available for all public GitHub repos for free.

In 2022 alone, the company notified partners in its secret scanning partner program of over 1.7 million potential secrets that were exposed in public repositories. The service scans repositories for over 200 known token formats and then alerts partners of potential leaks — and you can define your own regex patterns, too.

Image Credits: GitHub

“With secret scanning we found a ton of important things to address,” said David Ross, a staff security engineer at Postmates. “On the AppSec side, it’s often the best way for us to get visibility into issues in the code.”

Now, if you host your code on GitHub, the company will automatically notify you directly about leaked secrets in your source code. This also means that you will get alerts for secrets where there isn’t a partner to notify (maybe because you self-host your HashiCorp Vault, for example).

To begin using the service, you have to enable the feature in their GitHub security settings. However, the rollout of the service will be gradual and it will not be available to all users until the end of January 2023.

GitHub’s own tool is, of course, not the only service that will scan for leaked secrets. There are also open-source tools like gitLeaks (which can integrate with GitHub actions) and a plethora of security companies like Nightfall and CheckPoint’s Spectral, though their services tend to go well beyond secret scanning and are generally geared toward enterprises.


#GitHub #brings #free #secret #scanning #public #repos #TechCrunch

mrB

Related Posts

HBO Max’s Station Eleven Is Getting a Blu-ray Release

Photo: Ian Watson/HBO Max In this era of “sure, it’s still streaming on HBO Max… but for how long?”, it’s smart to turn to physical media to…

MDMA and Psilocybin Are Approved as Medicines for the First Time

In a world-first, Australia has announced it will officially recognize MDMA and psilocybin as medicines.  On February 3, Australia’s Therapeutic Goods Administration (TGA)—the government authority responsible for…

Learn Logic Pro: Best online course deal

TL;DR: The Complete 2023 Logic Pro Training Bundle(Opens in a new window)(opens in a new tab) is on sale for £31.47, saving you 98% on list price….

Contractors who work on YouTube Music are striking

Over 40 contractors for YouTube Music are going on strike — a first at Google, according to the Alphabet Workers Union (or AWU). The action is in…

Kapor Capital’s new crew is raising an opportunity fund • TechCrunch

Four months after closing its largest fund to date, Kapor Capital wants more. The firm is under new leadership after co-founders Freada and Mitch Kapor stepped back…

Valentine’s Day Gift Guide for Your Pop Culture-Loving Sweetie

Image: RSVLTS, Box Lunch, Super 7, Disney Consumer Products As wise men once sang, “the power of love is a curious thing”—and for that special someone who…

Leave a Reply

Your email address will not be published. Required fields are marked *