Dec 16, 2022 | Ravie Lakshmanan | Secure Coding / Code Hosting

GitHub Secret Scanning

GitHub said on Thursday that it is making its secret scanning service
available, free of charge, to all public repositories on the code
hosting platform.

“Secret scanning alerts notify you directly about leaked secrets
in your code,” the company said[1], adding it’s expected to
complete the rollout by the end of January 2023.

Secret scanning is designed[2] to examine repositories for access
tokens, private keys, credentials, API keys, and other secrets in over
200 formats[3] that may have been committed by accident, and to raise
alerts so the exposed credential can be revoked before it is misused.
Note that a secret pushed to a public repository should be treated as
compromised as soon as it lands, whether or not the commit is later
rewritten out of the history.


The security option was previously limited to repositories owned
by organizations that use GitHub Enterprise Cloud and have a GitHub
Advanced Security license.

For customers of GitHub Advanced Security, the protections[4] go a
step further: push protection scans for exposed secrets, including
organization-defined custom patterns, as code is pushed[5] and blocks
the push before the secret reaches the repository.
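As an added example (not GitHub's code; the patterns below are a small illustrative subset rather than GitHub's 200-plus formats, and the diff it runs on is constructed), here is the core of such a scan applied to the lines a commit adds, which is where a push-time check of the kind described above would hook in:

```python
"""Added example: a minimal pattern-based secret scanner run over the added
lines of a unified diff, as a git pre-commit or pre-push hook would do.
This is not GitHub's scanner; the patterns are an illustrative subset."""
import re
import sys
from dataclasses import dataclass

# Illustrative token formats (assumption: a practitioner's subset, not GitHub's list).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
}

# Markers that appear in documentation placeholders; suppressing them cuts obvious noise.
PLACEHOLDER_MARKERS = ("EXAMPLE", "XXXX", "CHANGEME")

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    line: int      # line number in the new version of the file
    secret: str    # never print this raw; use redact()


def is_placeholder(value):
    upper = value.upper()
    return any(marker in upper for marker in PLACEHOLDER_MARKERS)


def redact(value):
    """Keep only a prefix and suffix so a report cannot itself leak the secret."""
    return value[:4] + "..." + value[-4:] if len(value) > 12 else "***"


def find_secrets(text):
    """Return (kind, matched_value) pairs for every non-placeholder match in one line."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if not is_placeholder(m.group(0)):
                hits.append((kind, m.group(0)))
    return hits


def scan_diff(diff_text):
    """Scan only '+' lines, tracking the new-file path and line number from the headers."""
    findings = []
    path, new_line = "<unknown>", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            if path.startswith("b/"):
                path = path[2:]
            continue
        if raw.startswith("--- "):
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("+"):
            for kind, secret in find_secrets(raw[1:]):
                findings.append(Finding(kind, path, new_line, secret))
            new_line += 1
        elif raw.startswith(" ") or raw == "":
            new_line += 1          # context line: advances the new-file counter
        # '-' lines are removals and do not advance the new-file counter
    return findings


def report(findings):
    return [f"{f.path}:{f.line}: {f.kind} ({redact(f.secret)})" for f in findings]


# Constructed sample diff; none of these values are real credentials.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,6 @@
 DEBUG = False
+# AWS docs placeholder AKIAIOSFODNN7EXAMPLE is suppressed; the value below is not
+AWS_ACCESS_KEY_ID = "AKIA2E0A8F3B244C9986"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
+SLACK_BOT = "xoxb-123456789012-abcdefghijkl"
 TIMEOUT = 30
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA0constructed0not0a0real0key
+-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    # As a hook: `git diff --cached | python secret_scan.py`; with no piped input, scan the sample.
    text = SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read()
    hits = scan_diff(text)
    for line in report(hits):
        print(line)
    sys.exit(1 if hits else 0)   # non-zero exit blocks the commit or push
```

Run on the sample it reports four findings (an AWS key ID, a GitHub token and a Slack token in config/settings.py, and a PEM header in deploy/id_rsa) and exits 1. Two caveats apply to any scanner of this shape: prefix-based patterns only catch secrets with a recognizable structure, so unprefixed high-entropy strings slip through unless entropy checks are added, and a client-side hook is advisory because a committer can skip it, which is why GitHub's push protection runs server-side.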


The Microsoft subsidiary also said it plans[6] to begin enforcing
two-factor authentication for “distinct groups of users” starting in
March 2023, with the goal of extending[7] the requirement to all
GitHub users by the end of 2023.

Those groups are expected to include users who have published GitHub
or OAuth apps, created a release, or contributed code to critical open
source repositories, as well as Enterprise and Organization
administrators.

The company further stated it is “hard at work” on integrating passkey
support[8] for stronger, phishing-resistant authentication.


References

  1. said (github.blog)
  2. designed (docs.github.com)
  3. over 200 formats (docs.github.com)
  4. protections (github.blog)
  5. during code pushes (docs.github.com)
  6. planning (github.blog)
  7. expanding (github.blog)
  8. passkey support (thehackernews.com)
  9. Twitter (twitter.com)
  10. LinkedIn (www.linkedin.com)
