New security features for GitHub to protect secrets



By its own account, GitHub blocks many secrets such as passwords or API keys with push protection. Nevertheless, secret leakage is one of the most common causes of security incidents on GitHub. To counter this trend, GitHub is now expanding its security features for developers.

As announced earlier, GitHub is reorganizing the composition and availability of GitHub Advanced Security (GHAS) as of April. GitHub is also providing a new scan tool to help developers prevent secrets from leaking.

Since 1 April, the GHAS functions have been divided into the individual packages GitHub Secret Protection ($19 per month) and GitHub Code Protection ($30 per month), which can be booked independently of each other. Together, the two cost as much as the full GHAS package at $49 per month.

At the same time, GitHub has extended the reach of the GHAS security features. While GHAS could previously only be selected with GitHub Enterprise or Microsoft Azure DevOps plans, GitHub now also offers the two new individual packages for GitHub Team.

A new scan tool is also available from the beginning of April, and for the Enterprise Server from GHES 3.18. Organizations with a GitHub Team or Enterprise plan can use it at no additional charge.

The scan tool can be found in the Security tab of the GitHub dashboard and runs a security check across all public, private, internal and archived repositories. It then lists the following results: the number of leaks per secret type, the number of secrets visible in the organization's public repositories, and the number of repositories affected for each secret type. The results can be downloaded as a CSV file.

The integrated scan tool in the dashboard tracks secret leaks.

(Image: GitHub)

To prevent the disclosure of secrets, GitHub launched a partner program for secret scanning a few years ago. Hundreds of providers, including AWS, Google, Meta and OpenAI, have now joined it.

GitHub introduced push protection for public repositories as another security module last year. Its purpose is to stop sensitive information such as passwords or API keys from being pushed.

There need not be bad intent behind the loss of secrets. The current Data Breach Investigations Report by Verizon shows that the cause is often a careless mistake, such as accidentally making a repository public, which then leads to data leaks. In 2024, such mistakes were made more often than before. These mistakes can quickly add up: an October report indicates that in 2024, despite all security measures, more than 39 million secrets were leaked on the platform.


(Who)
