Subj : GitHub is making your code safer for everyone To : All From : TechnologyDaily Date : Wed May 10 2023 11:30:03 GitHub is making your code safer for everyone Date: Wed, 10 May 2023 10:26:15 +0000 Description: After a year in beta, this important GitHub security feature looks to keep code safer for users everywhere. FULL STORY ====================================================================== GitHubs push protection feature , introduced as a beta in April 2022, is now generally available, the company has announced. The feature makes all code repositories safer by preventing them from leaking sensitive information such as API keys. Push protection works by scanning for secrets before git push operations are accepted, the company explained, adding that 69 token types are supported, including API keys, private keys, secret keys, authentication tokens, access tokens, management certificates, and similar. GitHub security boost While some false positives might happen, they should be few and far between. "If you are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location, and how to remediate the exposure," GitHub said. "Push protection only blocks secrets with low false positive rates, so when a commit is blocked, you know it's worth investigating." Push protection has been in beta for more than a year now, and during that time, developers that used it managed to avoided 17,000 sensitive data leaks, and saved more than 95,000 hours theyd otherwise have to spend on addressing the issue of compromised data, GitHub claims. Read more > GitHub takes down repository with Twitter source code > GitHub unveils its huge code search makeover > Check out the best firewalls "Today, push protection is generally available for private repositories with a GitHub Advanced Security (GHAS) license," GitHub added. "In addition, to help developers and maintainers across open source proactively secure their code, GitHub is making push protection free for all public repositories." If youre interested in giving push protection a spin, you can do so via the API, or by clicking on the corresponding menu in the user interface: head over to GitHub.com > navigate to the main page > click Settings > look for Security and click Code security and analysis > find Configure code security and analysis and look for GitHub Advanced Security > Go to Secret scanning > find Push protection and enable it. Devs can also enable it for single repositories by going Settings > Security & analysis > GitHub Advanced Security dialog. These are the best laptops for programming ====================================================================== Link to news story: https://www.techradar.com/news/github-is-making-your-code-safer-for-everyone --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .