GitHub now scans for secret leaks in developer workflows

GitHub has introduced a new scanning feature for protecting developers from accidental secret leaks.

On April 4, the Microsoft-owned code-hosting platform said its GitHub Advanced Security suite has been upgraded with a new push protection feature designed to stop secrets that could compromise organization-owned projects from being pushed in the first place.

GitHub Advanced Security is a licensed business product that bundles code scanning, secret scanning, and supply chain protections such as Dependabot alerts.

The new feature is an optional check, enabled for a repository or organization, that runs before a git push is accepted. For now the scan only looks for "highly identifiable patterns" of potential leaks, developed jointly by GitHub and partner organizations, including the token issuers themselves.

Push protection checks 69 such patterns as potential indicators of a leaked secret; GitHub's broader secret scanning covers more than 100 different token types.

These include tokens issued by Alibaba Cloud, Amazon, AWS, Azure, npm, Slack, and Stripe.

GitHub says that secret scanning has detected over 700,000 secrets across thousands of private repositories to date.

With push protection enabled, each push is scanned for high-confidence leak patterns; if one matches, the push is rejected before the secret ever lands in the repository, rather than being reported after the fact. According to the company, there has been a
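The same idea can be applied on the client side as a git pre-push hook, which is useful for repositories that are not covered by the GitHub Advanced Security licence. The script below is an added illustration and is not GitHub's code: it scans only the lines a push would add, matches them against a handful of distinctive, prefix-anchored token formats, and exits non-zero to abort the push when one matches. The patterns are simplified approximations of the token formats the issuers document publicly (assumed here, not GitHub's partner-supplied patterns), and the sample diff is constructed for the demonstration.

```python
"""Client-side analogue of push protection: a git pre-push hook that refuses a
push when the commits being pushed add a high-confidence secret.

Install as .git/hooks/pre-push (executable). Git feeds the hook one line per
ref on stdin: "<local ref> <local sha> <remote ref> <remote sha>".
This is an added example, not GitHub's implementation."""
import re
import subprocess
import sys

# Illustrative high-confidence patterns (assumed, simplified forms of the
# issuers' published token formats). Each is anchored on a distinctive prefix
# so that ordinary source text and prose almost never match.
PATTERNS = {
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub personal access token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "npm access token": re.compile(r"\bnpm_[A-Za-z0-9]{36}\b"),
    "Slack bot token": re.compile(r"\bxoxb-[0-9]+-[0-9]+-[A-Za-z0-9]+\b"),
    "Stripe live secret key": re.compile(r"\bsk_live_[A-Za-z0-9]{24,}\b"),
}


def redact(token):
    """Show just enough of a match to locate it without re-leaking it."""
    return token[:8] + "..." + token[-4:]


def scan_diff(diff_text):
    """Return (file, new_line_no, kind, redacted_token) for each added line of a
    unified diff that matches a pattern. Only '+' lines are examined, so a push
    that *removes* a secret is not blocked by the secret it removes."""
    findings = []
    current_file = None
    line_no = 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            current_file = line[4:]
            if current_file.startswith("b/"):
                current_file = current_file[2:]
        elif line.startswith("@@"):
            # hunk header '@@ -a,b +c,d @@': c is the first new-file line number
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line)
            line_no = int(m.group(1)) - 1 if m else 0
        elif line.startswith("+"):
            line_no += 1
            content = line[1:]
            for kind, pat in PATTERNS.items():
                for m in pat.finditer(content):
                    findings.append((current_file, line_no, kind, redact(m.group(0))))
        elif line.startswith(" "):
            line_no += 1  # unchanged context line also advances the new-file counter
        # '-' removed lines, 'diff --git', 'index', '--- a/..' and '\ No newline'
        # do not occupy a line in the new file and are skipped.
    return findings


def main():
    blocked = False
    for entry in sys.stdin:
        _local_ref, local_sha, _remote_ref, remote_sha = entry.split()
        if set(local_sha) == {"0"}:
            continue  # deleting a remote branch pushes no content
        if set(remote_sha) == {"0"}:
            # New remote branch: everything in the tree is new to the server,
            # so diff against the empty tree.
            base = subprocess.check_output(
                ["git", "hash-object", "-t", "tree", "/dev/null"], text=True).strip()
        else:
            base = remote_sha
        diff = subprocess.check_output(["git", "diff", base, local_sha], text=True)
        for path, n, kind, shown in scan_diff(diff):
            print(f"push blocked: {kind} at {path}:{n} ({shown})", file=sys.stderr)
            blocked = True
    if blocked:
        print("Remove the secret from history and rotate it, then push again.",
              file=sys.stderr)
        sys.exit(1)


# Constructed sample diff: one removed secret (must not block) and two added ones.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,4 +1,5 @@
 import os
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
-STRIPE = "sk_live_0123456789abcdefghijklmnop"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+GH_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
+# the bare prefix AKIA in a comment is not a finding
 SECRET = os.environ["AWS_SECRET_ACCESS_KEY"]
"""

if __name__ == "__main__":
    main()
```

Two design points mirror the server-side feature: the hook inspects only what the push adds, so removing a leaked key is never blocked, and it reports a redacted excerpt so the hook's own output does not become a second copy of the secret. A blocked push is still a signal to rotate the credential, since it already exists in a local commit.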

Read More: https://www.zdnet.com/article/github-now-scans-for-secret-leaks-in-push-workflows/#ftag=RSSbaffb68