GitHub enhances secret scanning for tighter code security
source link: https://www.infoworld.com/article/3656949/github-enhances-secret-scanning-for-tighter-code-security.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
GitHub enhances secret scanning for tighter code security
GitHub Advanced Security now allows developers to scan code for tokens, keys, and other security secrets as they push the code to a repository.
GitHub has updated its Advanced Security service with a “push protection” capability. The new feature scans code for secrets such as access tokens, API keys, and other credentials as developers push the code to a repository, and blocks the push if a secret is identified.
With push protection, announced April 4, GitHub Advanced Security customers can guard against leaks by scanning for secrets before a git push is accepted. Available for enterprise accounts, GitHub Advanced Security provides services such as code scanning, dependency review, and secret scanning, which helps to ensure that secrets are not exposed in a repository. By scanning code for secrets, developers can proactively prevent leaks of credentials and safeguard against breaches attributed to credential misuse.
[ Also on InfoWorld: GitHub Copilot preview gives me hope ]
With GitHub Advanced Security’s push protection, secret scanning is embedded in the developer workflow. To enable this without disrupting development productivity, push protection only supports token types that can be accurately detected. GitHub said that its secret scanning feature has thus far detected more than 700,000 secrets across thousands of private repositories.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK