GitHub Announces Free Secret Scanning for Public Repositories
Secret scanning is designed to examine repositories for access tokens, private keys, credentials, API keys, and other secrets in over 200 formats that may have been accidentally committed, and generate alerts to prevent their misuse.
The security option was previously limited to repositories owned by organizations that use GitHub Enterprise Cloud and have a GitHub Advanced Security license.
The Microsoft subsidiary also said it’s planning to turn on two-factor authentication requirements for “distinct groups of users” starting March 2023 with the goal of expanding it to all GitHub users by the end of next year.
These users are likely to include those who have published GitHub or OAuth apps, created a release, or contributed code to critical open source repositories, as well as Enterprise and Organization administrators.
The company further stated it’s “hard at work” to integrate passkey support for stronger phishing-resistant authentication.