GitHub Offers Free Secret Scanning for All Public Repositories

Now GitHub offers free secret scanning for all public repositories. GitHub on Thursday announced it will roll out the feature by the end of January 2023. The company said, “Secret scanning alerts notify you directly about leaked secrets in your code.” 

The company explained the secret scanning feature will examine repositories for access tokens, private keys, credentials, API keys, and other secrets in over 200 formats that may have been accidentally committed, and generate alerts to prevent their misuse.

The GitHub Security option has been available for organizations on GitHub Enterprise Cloud with a GitHub Advanced Security license, but now anyone can get the same security protection by following these 3 steps.

GitHub Tools for Advanced Security do a deep scan of your code to search for exposed secrets, like invalid configuration items. If they identify anything hidden in the code, GitHub will warn you about a possible vulnerability.

Microsoft’s subsidiary, GitHub, stated that it will be turning on two-factor authentication starting March 2023 for “distinct groups of users.” The goal is to implement the requirement for all GitHub users by the end of next year.

These groups are likely to include users who have published GitHub or OAuth apps, users who have created a release from critical open-source repositories, and Enterprise and Organization administrators.

The company said it is “hard at work” integrating passkey support for stronger phishing-resistant authentication.
