Data Protection

39 Million Secrets Leaked on GitHub in 2024

GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.

Keeping secrets protected on GitHub is now easier, courtesy of new capabilities that the Microsoft-owned code hosting platform announced on Wednesday.

With GitHub discovering roughly 39 million leaked secrets across the platform in 2024, it’s clear that inadvertently exposing secrets in code happens rather often, and threat actors are known to harvest and exploit them within minutes.

To help organizations and developers better protect tokens, credentials, and other secrets and prevent their exposure, GitHub is now offering Secret Protection and Code Security as standalone products for enterprise customers.

According to GitHub, the two capabilities should now be within reach of more organizations, since many could not previously afford the larger suite of tools in which the two were bundled. Secret Protection is free for public repositories.

Additionally, the platform has made its standalone security products available as add-ons for GitHub Team organizations, meaning smaller development teams no longer need to upgrade to GitHub Enterprise to use them.

To further help organizations identify and neutralize code secrets before they are leaked, GitHub also allows organizations across GitHub Team and Enterprise plans to run a secret risk assessment across all their public, private, and internal repositories.

“The point-in-time scan provides clear insights into the exposure of your secrets across your organization, along with actionable steps to strengthen your security and protect your code. In order to lower barriers for organizations to use and benefit from the feature, no specific secrets are stored or shared,” GitHub notes.

The capability has been released in public preview, and the code-hosting platform is requesting feedback on how the feature could be improved.

GitHub also notes that organizations can use its push protection feature to block secrets from accidental exposure, and recommends that they implement strong secrets management capabilities to ensure increased security.
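Push protection works by scanning the content a developer is about to push and rejecting it when a known secret format is found. The following added example, which is not GitHub's code and does not reproduce its actual ruleset, shows the shape of such a check as a local pre-push scanner: it walks the added lines of a constructed git diff, matches a few illustrative token formats (classic and fine-grained GitHub PAT prefixes, AWS access key IDs, private-key headers), falls back to an entropy test for generic `secret=`/`token=` assignments, and reports only redacted values so the scanner itself never stores the full secret.

```python
import math
import re
from collections import Counter

# Illustrative patterns only (hypothetical; GitHub's real detectors are more extensive).
PATTERNS = {
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "github_pat_fine_grained": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{22,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# Generic "name = value" assignments where the name hints at a credential.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(secret|token|password|api[_-]?key)\s*[=:]\s*['\"]?([A-Za-z0-9_\-/+=]{20,})"
)

def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score high, placeholders score low."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def redact(value: str) -> str:
    """Keep a recognisable prefix/suffix but never the full secret."""
    return value[:4] + "..." + value[-2:]

def scan_added_lines(diff_text: str, entropy_threshold: float = 4.0):
    """Return (rule, redacted_value) for each secret found on an added diff line."""
    findings = []
    for line in diff_text.splitlines():
        if line.startswith("+++") or not line.startswith("+"):
            continue  # only lines being added can leak a new secret
        content = line[1:]
        specific = [(name, redact(m.group(0)))
                    for name, pat in PATTERNS.items() for m in pat.finditer(content)]
        if specific:
            findings.extend(specific)
            continue  # a known format already explains this line
        for m in GENERIC_ASSIGNMENT.finditer(content):
            if shannon_entropy(m.group(2)) >= entropy_threshold:
                findings.append(("high_entropy_assignment", redact(m.group(2))))
    return findings

def should_block_push(diff_text: str) -> bool:
    return bool(scan_added_lines(diff_text))

# Constructed sample diff; the token values below are fabricated for the demo.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 DEBUG = False
+GITHUB_TOKEN = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij"
+DB_PASSWORD = "changeme_changeme_changeme"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
-old_setting = 1
"""

if __name__ == "__main__":
    for rule, value in scan_added_lines(SAMPLE_DIFF):
        print(f"blocked: {rule} -> {value}")
```

The placeholder password is not flagged because its entropy is low, which is the same trade-off real push protection makes between catching live tokens and not blocking every string named `password`.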


Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.