Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

GitHub is making your code safer for everyone

A developer writing code

GitHub’s push protection feature, introduced as a beta in April 2022, is now generally available, the company has announced. 

The feature makes all code repositories safer by preventing them from leaking sensitive information such as API keys. 

Push protection works by scanning for secrets before “git push” operations are accepted, the company explained, adding that 69 token types are supported, including API keys, private keys, secret keys, authentication tokens, access tokens, management certificates, and similar.

GitHub security boost

While some false positives might happen, they should be few and far between.

"If you are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location, and how to remediate the exposure," GitHub said. "Push protection only blocks secrets with low false positive rates, so when a commit is blocked, you know it's worth investigating."

Push protection has been in beta for more than a year now, and during that time, developers that used it managed to avoided 17,000 sensitive data leaks, and saved more than 95,000 hours they’d otherwise have to spend on addressing the issue of compromised data, GitHub claims. 

"Today, push protection is generally available for private repositories with a GitHub Advanced Security (GHAS) license," GitHub added. "In addition, to help developers and maintainers across open source proactively secure their code, GitHub is making push protection free for all public repositories."

If you’re interested in giving push protection a spin, you can do so via the API, or by clicking on the corresponding menu in the user interface: head over to GitHub.com > navigate to the main page > click Settings > look for “Security” and click “Code security and analysis” > find “Configure code security and analysis” and look for “GitHub Advanced Security” > Go to “Secret scanning” > find “Push protection” and enable it.

Devs can also enable it for single repositories by going Settings > Security & analysis > GitHub Advanced Security dialog.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.