GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code.
Microsoft’s cloud-based repository hosting platform, which began testing the feature a year ago, said it is also extending push protection to all public repositories at no additional cost.
The functionality is designed to work hand-in-hand with the existing secret scanning feature, which scans repositories for known secret formats to prevent fraudulent use and avoid potentially serious consequences.
“Push protection prevents secret leaks without compromising the developer experience by scanning for highly identifiable secrets before they’re committed,” GitHub said earlier this week.
“When a secret is detected in code, developers are prompted directly in their IDE or command-line interface with a remediation guide to ensure the secret is never exposed.”
Although push protection can be bypassed by providing a reason (e.g., test, false positive, or acceptable risk), repository and organization administrators and security managers will be notified of these events by email.
To enable the option, users can go to Settings > Select “Code security and analysis” > Enable “Secret scanning” and “Push protection”.
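To check those two settings across many repositories rather than one at a time, the following added example (not code from GitHub or from the original article) classifies repositories by the `security_and_analysis` object found in GitHub's REST API repository responses. The sample data, the repository names and the bucket names are constructed for illustration.

```python
import json

# Constructed sample: trimmed objects in the shape of GitHub REST API
# repository responses. Organization and repository names are made up.
SAMPLE_REPOS = json.loads("""
[
  {"full_name": "example-org/api", "visibility": "public",
   "security_and_analysis": {
     "secret_scanning": {"status": "enabled"},
     "secret_scanning_push_protection": {"status": "enabled"}}},
  {"full_name": "example-org/web", "visibility": "public",
   "security_and_analysis": {
     "secret_scanning": {"status": "enabled"},
     "secret_scanning_push_protection": {"status": "disabled"}}},
  {"full_name": "example-org/infra", "visibility": "private",
   "security_and_analysis": {
     "secret_scanning": {"status": "disabled"},
     "secret_scanning_push_protection": {"status": "disabled"}}},
  {"full_name": "example-org/legacy", "visibility": "public"}
]
""")


def feature_status(repo, feature):
    """Return 'enabled', 'disabled', or 'unknown' when the field is absent.

    The security_and_analysis object is left out when the caller is not
    permitted to see these settings, so absence is reported as 'unknown'
    instead of being guessed as enabled or disabled.
    """
    settings = repo.get("security_and_analysis") or {}
    return (settings.get(feature) or {}).get("status", "unknown")


def audit(repos):
    """Classify each repository by its push protection coverage."""
    report = {"protected": [], "scan_only": [], "unprotected": [], "unknown": []}
    for repo in repos:
        scan = feature_status(repo, "secret_scanning")
        push = feature_status(repo, "secret_scanning_push_protection")
        if "unknown" in (scan, push):
            bucket = "unknown"
        elif scan == "enabled" and push == "enabled":
            bucket = "protected"
        elif scan == "enabled":
            bucket = "scan_only"  # leaks are reported only after the push
        else:
            bucket = "unprotected"
        report[bucket].append(repo["full_name"])
    return report


if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_REPOS).items():
        print(f"{bucket:12} {', '.join(names) or '-'}")
```

Repositories in the `scan_only` and `unprotected` buckets are the ones where the settings above still need to be switched on; `unknown` means the audit has to be rerun with an account that can see the security settings.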
Since it went live as a beta in April 2022, push protection is estimated to have prevented 17,000 accidental secret leaks, saving more than 95,000 hours that would otherwise have been spent revoking, rotating and remediating compromised secrets, the company added.
The development comes nearly five months after GitHub made secret scanning free for all public repositories, allowing users to receive notifications about leaked secrets in their repositories.
Ikaroa is proud to be a supporter of the recent announcement by GitHub that they are now extending push protection to help prevent the accidental leaks of keys and other secrets. With this new feature, secret tokens and keys will no longer be at risk of being accidentally published online, reducing the risk of data breaches and leaks.
GitHub’s new push protection feature ensures that any secret tokens, API keys, and other confidential data are not accidentally pushed to a given repository. This means that regardless of where the data came from, no one can accidentally push it to GitHub and potentially expose it to the public, including your own organization.
At Ikaroa, we have seen the damage that can be done from accidental exposure of confidential information, and this is why the introduction of this new feature is such great news. It provides us with an extra layer of protection for our customers and we are pleased to be able to offer this peace of mind.
GitHub already provides users with a number of tools to help protect their confidential information, such as two-factor authentication and encrypted storage. But this new push protection feature adds a new layer of security, making it even easier and more secure to keep secrets safe.
The introduction of this new feature is one more way that Ikaroa is committed to providing the best possible service to our customers. We strive to ensure that data is kept safe and secure, and this new feature is one more way we can offer that to our customers.
We are proud to support this new feature and we look forward to all that it has to add to our security measures. We believe strongly in the power of technology, and that it should remain secure and accessible. With this extension of push protection by GitHub, the security of our customers is one step closer to being better than ever.