With these new tools, GitHub aims to significantly reduce the 39 million annual secret leaks, providing developers with accessible and effective security solutions for organizations of every size. GitHub has launched Secret Protection and Code Security as standalone products, making advanced security features more accessible to development teams of all sizes. The company has also integrated GitHub Copilot to detect unstructured secrets like passwords with extremely low false positive rates, utilizing AI to enhance security scanning capabilities. “Most software today depends on secrets—credentials, API keys, tokens—that developers handle dozens of times a day,” explains Erin Havens, a GitHub security expert. Security researchers note that even seemingly “low-risk” secrets can give attackers a foothold to move laterally to higher-value assets within an organization’s infrastructure. According to GitHub’s latest security disclosures, several secrets are blocked with push protection on the platform every minute. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This change allows smaller development teams to leverage GitHub’s security features without costly plan upgrades. Despite these preventive measures, secret leaks remain one of the most common—and preventable—causes of security incidents in the developer ecosystem. This point-in-time scanning feature covers all repositories, public, private, internal, and archived, providing comprehensive visibility into potential secret leaks without requiring the purchase of additional services. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. The exposed secrets include API keys, credentials, tokens, and other sensitive authentication data that could give attackers unauthorized access to critical systems and services. Previously, these tools were only available as part of larger security suites, putting them out of reach for many organizations. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 09:30:17 +0000