SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

39 Million Secrets Leaked on GitHub in 2024

GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
GitHub security

Keeping secrets protected on GitHub is now easier, courtesy of new capabilities that the Microsoft-owned code hosting platform announced on Wednesday.

With GitHub discovering roughly 39 million leaked secrets across the platform in 2024, it’s clear that inadvertently exposing secrets in code happens rather often, and threat actors are known to harvest and exploit them within minutes.

To help organizations and developers better protect tokens, credentials, and other secrets and prevent their exposure, GitHub is now offering Secret Protection and Code Security as standalone products for enterprise customers.

According to GitHub, the two capabilities should now be within the reach of more organizations, as many did not previously afford the suite of tools the two were bundled within. Secret Protection is free for public repositories.

Additionally, the platform has made its standalone security products available as add-ons for GitHub Team organizations, meaning smaller development teams no longer need to upgrade to GitHub Enterprise to use them.

To further help organizations identify and neutralize code secrets before they are leaked, GitHub also allows organizations across GitHub Team and Enterprise plans to run a secret risk assessment across all their public, private, and internal repositories.

“The point-in-time scan provides clear insights into the exposure of your secrets across your organization, along with actionable steps to strengthen your security and protect your code. In order to lower barriers for organizations to use and benefit from the feature, no specific secrets are stored or shared,” GitHub notes.

The capability has been released in public preview and the code-hosting platform is requesting feedback on how it could improve it.

Advertisement. Scroll to continue reading.

GitHub also notes that organizations can use its push protection feature to block secrets from accidental exposure, and recommends that they implement strong secrets management capabilities to ensure increased security.

Related: GitHub Launches Fund to Improve Open Source Project Security

Related: GitHub Patches Critical Vulnerability in Enterprise Server

Related: GitHub Makes Copilot Autofix Generally Available

Related: Git Vulnerabilities Led to Credentials Exposure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Which Security Testing Approach is Right for You?
March 25, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.