"Never Leak Secrets to Your GitHub Repositories Again"

Push protection, a security feature designed to automatically prevent the leakage of secrets to repositories, is now free for all public repository owners on GitHub. Previously, only private repositories with a GitHub Advanced Security license had access to this feature. The expanded availability is intended to help open-source developers and maintainers proactively secure their code. Credential leakage is one of the most prevalent causes of data breaches, fueled in part by the common developer practice of embedding sensitive information, such as passwords, encryption keys, and Application Programming Interface (API) keys, directly in source code. Whether this happens through oversight, negligence, or a lack of awareness of security best practices, the outcome is the same: threat actors can discover and exploit the secrets. Push protection prevents the leakage of secrets by scanning code commits before they are pushed. Developers are notified immediately in their Integrated Development Environment (IDE) or Command Line Interface (CLI). This article continues to discuss the prevention of leaking secrets with GitHub push protection.

Help Net Security reports "Never Leak Secrets to Your GitHub Repositories Again"

Submitted by Anonymous on