Subj : GitHub can now tell you if you ever leak any secrets in your code
To   : All
From : TechnologyDaily
Date : Thu Mar 02 2023 12:30:03

Date: Thu, 02 Mar 2023 12:18:47 +0000

Description: GitHub will let users know if they expose details such as passwords and API keys in any public repo for free.

FULL STORY
======================================================================

GitHub's secret scanning alert feature, which was launched in public beta format in December 2022, is now generally available for free across all public repositories.

In a blog post, the developer platform noted that 70,000 public repositories had turned on secret scanning alerts during the beta, and so the full release will be welcome news to many developers worldwide.

GitHub says that you can turn on the feature across public repositories that you own to help notify you of leaked secrets in code, issues, description, and comments.

GitHub secret scanning

The feature works with over 100 service providers in the GitHub Partner Program, which sees the company notifying users and partners upon detecting leaked secrets.

"With secret scanning alerts enabled, you'll now also receive alerts for secrets where it's not possible to notify a partner - for example, if self-hosted keys are exposed - along with a full audit log of actions taken on the alert," GitHub noted.

The platform cited an experienced developer who had used the tool to scan 14,000 public GitHub Action repositories and found more than 1,000 secrets, which shows how easy it can be to miss them and why the tool matters.
A support document explains when a developer may want to use the tool:

"If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges."

These can include anything from API keys to passwords, authentication tokens, and any other sensitive information.

Secret scanning can be found under Settings > Code security and analysis > Security, where it can be enabled or disabled.

======================================================================
Link to news story:
https://www.techradar.com/news/github-can-now-tell-you-if-you-ever-leak-any-secrets-in-your-code

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)