GitHub Now Scans for Secret Leaks in Developer Workflows
upstart writes:
GitHub has introduced a new scanning feature for protecting developers from accidental secret leaks.
On April 4, the Microsoft-owned code repository said the GitHub Advanced Security suite has now been upgraded with a new push protection feature to prevent the leak of secrets that could compromise organization-owned projects.
GitHub Advanced Security is a licensed business product including code scanning, supply chain attack protection, and Dependabot alerts.
The new feature is an optional check for developers to use during their workflows before a git push is accepted. As of now, the scan will only check for "highly identifiable patterns" of potential leaks based on the collaborative efforts of GitHub and partner organizations, including token issuers.
There are 69 patterns in total that the tool will check for as potential indicators of secret leaks. In addition, over 100 different token types are checked.
Read more of this story at SoylentNews.