GitHub enhances secret scanning for tighter code security

GitHub has updated its Advanced Security service with a “push protection” capability. The new feature scans code for secrets such as access tokens, API keys, and other credentials as developers push the code to a repository, and blocks the push if a secret is identified.

With push protection, announced April 4, GitHub Advanced Security customers can guard against leaks by scanning for secrets before a git push is accepted. 

Available for enterprise accounts, GitHub Advanced Security provides services such as code scanning, dependency review, and secret scanning, which helps to ensure that secrets are not exposed in a repository. By scanning code for secrets, developers can proactively prevent leaks of credentials and safeguard against breaches attributed to credential misuse.

With GitHub Advanced Security’s push protection, secret scanning is embedded in the developer workflow. To enable this without disrupting development productivity, push protection only supports token types that can be accurately detected. 

GitHub said that its secret scanning feature has thus far detected more than 700,000 secrets across thousands of private repositories.