"GitHub Brings Free Secret Scanning to All Public Repos"

Developers know that hardcoding security credentials into source code is a poor idea, but it still happens, and the repercussions can be disastrous. Previously, GitHub only made its secret scanning service available to paying enterprise users who purchased GitHub Advanced Security, but the company is now making the service free for all public GitHub repositories. In 2022, GitHub informed partners in its secret scanning partner program about over 1.7 million potential secrets exposed in public repositories. The service searches repositories for more than 200 known token formats, alerting partners to suspected leaks. Users can also define their own regex patterns. If the code is hosted on GitHub, the company will immediately alert users when secrets in their source code are exposed. To use the service, users must activate it in GitHub security settings. However, the rollout is still in progress, and the service will not be available to all users until the end of January 2023. This article continues to discuss GitHub making its secret scanning service available to all public repositories on the code hosting platform for free.

TechCrunch reports "GitHub Brings Free Secret Scanning to All Public Repos"

 

Submitted by Anonymous on