
GitHub has announced the general availability of a new security feature called push protection, intended to prevent developers from accidentally leaking keys and other secrets in their code.
The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it would extend push protection to all public repositories at no additional cost.
This feature is designed to work in tandem with the existing secret scanning feature, which scans repositories for known secrets to prevent abuse and avoid potentially serious consequences.

“By scanning highly specific secrets before they are committed, push protection prevents secrets from leaking without compromising the developer experience,” GitHub said earlier this week.

“When secrets are detected in code, developers are shown remediation guidance directly in their IDE or command line interface to prevent secrets from being exposed.”
Push protection can be circumvented by providing a reason (such as testing, false positives, or acceptable risk), but repository and organization administrators and security managers will be notified of such events by email.
To enable this option, the user must go to Settings > Code security and analysis and enable "Secret scanning" and "Push protection".
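The same two settings appear in GitHub's REST API as the `security_and_analysis` object on a repository. The following added example (not from GitHub or the original article) audits repository records for missing push protection and builds the request body that turns it on; the repository names and sample records are constructed.

```python
import json

# Constructed sample: trimmed repository objects in the shape returned by
# GitHub's REST API (for example GET /orgs/{org}/repos). Names are made up.
SAMPLE_REPOS = json.loads("""
[
  {"full_name": "example-org/web", "private": false,
   "security_and_analysis": {
     "secret_scanning": {"status": "enabled"},
     "secret_scanning_push_protection": {"status": "enabled"}}},
  {"full_name": "example-org/cli", "private": false,
   "security_and_analysis": {
     "secret_scanning": {"status": "enabled"},
     "secret_scanning_push_protection": {"status": "disabled"}}},
  {"full_name": "example-org/docs", "private": false,
   "security_and_analysis": null},
  {"full_name": "example-org/old", "private": false}
]
""")

FEATURES = ("secret_scanning", "secret_scanning_push_protection")


def feature_status(repo, feature):
    """Return 'enabled', 'disabled', or 'unknown' when the API response does
    not carry the block (assumed here: caller lacks admin rights on the repo)."""
    block = repo.get("security_and_analysis") or {}
    return (block.get(feature) or {}).get("status", "unknown")


def audit(repos):
    """Map each repo name to the features that are not confirmed enabled."""
    findings = {}
    for repo in repos:
        gaps = {f: feature_status(repo, f) for f in FEATURES
                if feature_status(repo, f) != "enabled"}
        if gaps:
            findings[repo["full_name"]] = gaps
    return findings


def enable_payload():
    """JSON body for PATCH /repos/{owner}/{repo} that enables both features."""
    return {"security_and_analysis": {f: {"status": "enabled"} for f in FEATURES}}


if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_REPOS).items():
        print(name, gaps)
```

A status of `unknown` is reported as a gap on purpose, so a repository whose settings cannot be read is reviewed by hand instead of being assumed protected.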
Since going into beta in April 2022, push protection is estimated to have prevented 17,000 accidental security breaches and saved more than 95,000 hours that would otherwise have been spent revoking, rotating, and remediating compromised secrets, the company added.
This development comes almost five months after GitHub made secret scanning free for all public repositories and allowed users to be notified about leaked secrets in their repositories.