GitHub expands security tools after 39 million secrets leaked in 2024

Summary: GitHub revealed significant updates to its Advanced Security platform after discovering over 39 million leaked secrets in repositories throughout 2024. The updates aim to enhance user security with new features like standalone secret scanning tools and improved push protection measures. They come in response to the prevalent issue of secret leaks, which are often caused by developer convenience and accidental exposure.

Affected: GitHub users and organizations

Key points:

  • Standalone Secret Protection and Code Security are now available separately, making them accessible to smaller teams.
  • A free organization-wide secret risk assessment scans all repositories for exposed secrets.
  • Enhanced push protection includes delegated bypass controls and aims to block secrets before they’re pushed to repositories.
  • AI-powered detection using Copilot improves the identification of unstructured secrets and reduces false positives.
  • Partnerships with cloud providers like AWS and Google aim to enhance secret detection and response capabilities.
  • Users are encouraged to adopt best practices by minimizing hardcoded secrets and utilizing environment variables or secret management tools.

Source: https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/