Upcoming Tech News Hubb
Advertisement Banner
  • Home
  • News
  • Business Tech
  • Health Tech
  • Digital Tech
  • Contact
No Result
View All Result
  • Home
  • News
  • Business Tech
  • Health Tech
  • Digital Tech
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Business Tech

GitHub brings free secret scanning to all public repos • TechCrunch

admin by admin
December 15, 2022
in Business Tech


Every developer knows that it’s a bad idea to hardcode security credentials into source code. Yet it happens and when it does, the consequences can be dire. Until now, GitHub only made its secret scanning service available to paying enterprise users who paid for GitHub Advanced Security, but starting today, the Microsoft-owned company is making its secrets scanning service available for all public GitHub repos for free.

In 2022 alone, the company notified partners in its secret scanning partner program of over 1.7 million potential secrets that were exposed in public repositories. The service scans repositories for over 200 known token formats and then alerts partners of potential leaks — and you can define your own regex patterns, too.

Image Credits: GitHub

“With secret scanning we found a ton of important things to address,” said David Ross, a staff security engineer at Postmates. “On the AppSec side, it’s often the best way for us to get visibility into issues in the code.”

Now, if you host your code on GitHub, the company will automatically notify you directly about leaked secrets in your source code. This also means that you will get alerts for secrets where there isn’t a partner to notify (maybe because you self-host your HashiCorp Vault, for example).

To begin using the service, you have to enable the feature in their GitHub security settings. However, the rollout of the service will be gradual and it will not be available to all users until the end of January 2023.

GitHub’s own tool is, of course, not the only service that will scan for leaked secrets. There are also open-source tools like gitLeaks (which can integrate with GitHub actions) and a plethora of security companies like Nightfall and CheckPoint’s Spectral, though their services tend to go well beyond secret scanning and are generally geared toward enterprises.



Source link

Previous Post

South Carolina EV battery recycling plant could salvage parts for a million cars a year

Next Post

The 2022 Mercedes-AMG EQS sedan: Brute-force EV misses the mark

Next Post

The 2022 Mercedes-AMG EQS sedan: Brute-force EV misses the mark

Recommended

QGenda Launches Nurse and Staff Workforce Management Platform

2 months ago

Propel@YH Boot Camp announces Nordic cohorts

6 days ago

Maybe Edward the Black Prince didn’t die from chronic dysentery after all

1 month ago

Treason trailer features Charlie Cox in Netflix’s MI6 series

2 months ago

© 2022 Upcoming Tech News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Business Tech
  • Health Tech
  • Digital Tech
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Business Tech
  • Health Tech
  • Digital Tech
  • Contact

© 2022 Upcoming Tech News Hubb All rights reserved.