Date: 2023-05-10

GitHub has introduced a security tool called “push protection” that can identify potential secret leaks in code before it is pushed.

Push protection is available for free for all public repositories and gives programmers corrective instructions.

The push protection tool helps by providing a prompt that shows the kind of secret, its location, and how to fix the exposure.

Proactive rather than reactive

Developers need tools they can rely on, and GitHub kept this in mind while designing push protection. A push protection prompt providing details on the kind of secret, its location, and how to fix the exposure will show up if you are pushing a commit that contains a secret. You can push your commit again after removing the secret from your commit history.

Security managers and repository administrators will be notified via email of any bypasses, and they may audit any bypasses using their enterprise and organization audit logs, alert view user interface, REST API, or webhook events. Leo Stolyarov, Director and Cloud Practice Lead at KPMG, says:

“Secret scanning push protection is a frictionless feature that has brought better security awareness and protection from leaked secrets without compromising developer experience.”
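The REST API audit of bypasses mentioned above can be scripted. The following is an added example, not code from GitHub or from the original article: it triages secret scanning alerts by who bypassed push protection and whether the secret is still open. The `push_protection_bypassed*` fields are those returned by GitHub's secret scanning alerts endpoint; the sample alerts, logins and secret types are constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like the response of
# GET /repos/{owner}/{repo}/secret-scanning/alerts (all values are made up).
SAMPLE_ALERTS = json.loads("""
[
 {"number": 1, "state": "open", "secret_type": "constructed_type_a",
  "push_protection_bypassed": true,
  "push_protection_bypassed_by": {"login": "dev-a"},
  "push_protection_bypassed_at": "2023-05-02T09:15:00Z"},
 {"number": 2, "state": "resolved", "secret_type": "constructed_type_b",
  "push_protection_bypassed": true,
  "push_protection_bypassed_by": {"login": "dev-a"},
  "push_protection_bypassed_at": "2023-05-01T10:00:00Z"},
 {"number": 3, "state": "open", "secret_type": "constructed_type_a",
  "push_protection_bypassed": false,
  "push_protection_bypassed_by": null,
  "push_protection_bypassed_at": null},
 {"number": 4, "state": "open", "secret_type": "constructed_type_c",
  "push_protection_bypassed": true,
  "push_protection_bypassed_by": {"login": "dev-b"},
  "push_protection_bypassed_at": "2023-05-03T14:30:00Z"}
]
""")

def bypass_report(alerts):
    """Group bypassed alerts by the bypassing user, still-open secrets first."""
    report = defaultdict(list)
    for a in alerts:
        if not a.get("push_protection_bypassed"):
            continue  # blocked at push time or found by ordinary scanning
        actor = (a.get("push_protection_bypassed_by") or {}).get("login", "unknown")
        report[actor].append({
            "number": a["number"],
            "secret_type": a.get("secret_type"),
            "bypassed_at": a.get("push_protection_bypassed_at") or "",
            "still_open": a.get("state") == "open",
        })
    for items in report.values():
        items.sort(key=lambda i: (not i["still_open"], i["bypassed_at"]))
    return dict(report)

def open_bypasses(alerts):
    """Alert numbers where the block was bypassed and the alert is unresolved."""
    return sorted(a["number"] for a in alerts
                  if a.get("push_protection_bypassed") and a.get("state") == "open")

if __name__ == "__main__":
    print(json.dumps(bypass_report(SAMPLE_ALERTS), indent=2))
    print("needs follow-up:", open_bypasses(SAMPLE_ALERTS))
```
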

How to enable push protection

To activate push protection within a repository, organization, or enterprise, navigate to the “Code security and analysis” settings and locate the secret scanning section. To enable both “Secret scanning” and “Push protection,” simply click the “enable all” button.