GitHub to secure developers: auto-block commits containing API keys, auth tokens

GitHub has announced on Monday 4, 2022 that company has expanded its platform’s secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically.

Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning. This feature, unfortunately, does not cover all GitHub users, however, we hope one day it will.

Octocat, GitHub official logo. Credits:

The auto-block works by matching patterns(regular expressions) defined by the organisation or provided by partners and service providers. Each match is reported as a security alert in the repos’ Security tab or to partners if it matches a partner pattern.

Organizations with GitHub Advanced Security can enable the secret scanning push protection feature at both repository and organization levels via the API or with just one click from the user interface.

The detailed procedure for enabling push protection for your organization requires you to:

  1. On, navigate to the main page of the organization.
  2. Under your organization name, click Settings.
  3. In the “Security” section of the sidebar, click Code security and analysis.
  4. Under “Code security and analysis,” find “GitHub Advanced Security.”
  5. Under “Secret scanning,” under “Push protection,” click Enable all.
  6. Optionally, click “Automatically enable for private repositories added to secret scanning.”

Comments are closed.