Updated on 2022-12-15: GitHub rolls out free secret scanning to everyone
GitHub also announced this week that its secrets/token-scanning feature is being expanded from private repos to all users. This is a big, big win!
Updated on 2022-12-14
GitHub to extend support for the free scanning of exposed secrets, including authentication tokens and credentials, to all public repositories on its platform. Read more: GitHub rolls out free secret scanning for all public repositories
Overview: GitHub Expands Secret Scanning
GitHub is rolling out free secret scanning to all public repositories. Previously, the service had been available only to organizations that use GitHub Enterprise Cloud with a GitHub Advanced Security license. The feature should be available to all users by the end of January 2023. After the feature is enabled, GitHub will automatically scan repositories for more than 200 token formats and notify developers when leaked secrets are detected. In a separate story, GitHub will require all users to enable two-factor authentication by the end of 2023. The requirement will begin rolling out in March.
Note
- You should have processes in place locally to ensure you’re not sharing secrets, and the GitHub process will merely have your back. Don’t miss that 2FA will also be required for all users next year.
- Kudos to GitHub for enabling this free service. Frankly, all Cloud Service Providers should enable a similar free scanning service for all of their customers. The cost to the company is minuscule; the value to the customer is immense.
Read more in
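As an added example in the spirit of the first note above (not GitHub's scanner and not code from the original post), a minimal local pre-commit check that scans staged diff hunks for a few well-known token formats before anything reaches the remote. The pattern set is a small illustrative subset, not GitHub's 200+ formats; the sample diff is constructed here, and the AWS key ID in it is Amazon's documented example value.

```python
import re
import subprocess
import sys

# Illustrative token formats (assumed subset; GitHub's own list is far larger):
# classic GitHub PATs carry a ghp_ prefix, AWS access key IDs start with AKIA,
# Slack bot tokens start with xoxb-, and PEM private keys have a fixed header.
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_bot_token": re.compile(r"\bxoxb-[0-9]+-[0-9]+-[A-Za-z0-9]+\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

def scan_diff(diff_text):
    """Return (file, new_line_no, rule) for each added line matching a pattern."""
    findings, current_file, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):          # new-file header: "+++ b/path"
            path = line[4:]
            current_file = path[2:] if path.startswith("b/") else path
            continue
        if line.startswith("@@"):            # hunk header: "@@ -a,b +c,d @@"
            m = re.match(r"@@ -\S+ \+(\d+)", line)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if line.startswith("+"):             # added line: the only thing we flag
            line_no += 1
            for rule, pat in PATTERNS.items():
                if pat.search(line[1:]):
                    findings.append((current_file, line_no, rule))
        elif not line.startswith("-"):       # context line advances the counter
            line_no += 1
    return findings

# Constructed sample diff; the AWS key is Amazon's documented example value.
SAMPLE_DIFF = (
    "diff --git a/config.py b/config.py\n"
    "--- a/config.py\n"
    "+++ b/config.py\n"
    "@@ -3,0 +4,2 @@\n"
    '+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
    '+TOKEN = "ghp_' + "x" * 36 + '"\n'
)

if __name__ == "__main__":  # use as a pre-commit hook: exit 1 blocks the commit
    diff = subprocess.run(["git", "diff", "--cached", "-U0"],
                          capture_output=True, text=True, check=True).stdout
    hits = scan_diff(diff)
    for path, n, rule in hits:
        print(f"{path}:{n}: possible {rule}")
    sys.exit(1 if hits else 0)
```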