GitHub released the public beta of its secret scanning alerts across public repositories in December 2022 and, on Tuesday, made it available to all public repositories for free. According to the company, over 70,000 public repositories have used the tool since its release and have assessed thousands of leaks.
People using GitHub can now enable secret scanning alerts across all their public repositories and get notified of leaked secrets throughout the repository history, including code, issues, descriptions and comments.
Secret scanning alerts work with more than 100 service providers enrolled in the GitHub partner program. These partners will also be notified if one of their secrets is leaked.
“Any owner or admin of a public repository can enable secret scanning alerts. Enterprise administrators and organization owners can also bulk enable alerts for multiple repositories,” GitHub announced.
To enable secret scanning alerts, go to Settings > Code security and analysis > Security > Secret Scanning > Enable.
“With secret scanning alerts enabled, you’ll now also receive alerts for secrets where it’s not possible to notify a partner–for example, if self-hosted keys are exposed–along with a full audit log of actions taken on the alert.”
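For administrators who would rather script the Settings toggle described above across many repositories, the following added example (not from GitHub or the original article) builds the GitHub REST API `PATCH /repos/{owner}/{repo}` requests that switch secret scanning on, skipping repositories that are private, archived or already enabled. The repository list, the `example-org` names and the token placeholder are constructed for illustration.

```python
import json
import urllib.request

API = "https://api.github.com"

def needs_secret_scanning(repo):
    """True for a public, non-archived repo where alerts are not yet enabled."""
    if repo.get("private") or repo.get("archived"):
        return False  # archived repos are read-only; private repos are out of scope here
    # security_and_analysis is only returned to callers with admin rights;
    # when it is missing, treat the repo as not yet enabled.
    analysis = repo.get("security_and_analysis") or {}
    status = (analysis.get("secret_scanning") or {}).get("status")
    return status != "enabled"

def build_enable_request(full_name, token):
    """Build (but do not send) the PATCH request that enables secret scanning."""
    body = {"security_and_analysis": {"secret_scanning": {"status": "enabled"}}}
    return urllib.request.Request(
        f"{API}/repos/{full_name}",
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
        },
    )

def plan(repos, token):
    """Return one request per repository that still needs the setting."""
    return [build_enable_request(r["full_name"], token)
            for r in repos if needs_secret_scanning(r)]

# Constructed sample, shaped like entries from GET /orgs/{org}/repos.
SAMPLE_REPOS = [
    {"full_name": "example-org/web", "private": False, "archived": False,
     "security_and_analysis": {"secret_scanning": {"status": "disabled"}}},
    {"full_name": "example-org/api", "private": False, "archived": False,
     "security_and_analysis": {"secret_scanning": {"status": "enabled"}}},
    {"full_name": "example-org/internal", "private": True, "archived": False},
    {"full_name": "example-org/legacy", "private": False, "archived": True,
     "security_and_analysis": {"secret_scanning": {"status": "disabled"}}},
    {"full_name": "example-org/docs", "private": False, "archived": False},
]

if __name__ == "__main__":
    for req in plan(SAMPLE_REPOS, "TOKEN_PLACEHOLDER"):
        print(req.get_method(), req.full_url)  # dry run; pass req to urlopen() to apply
```

The script is a dry run as written: it prints the planned requests and sends nothing until each request is passed to `urllib.request.urlopen` with a token that has admin rights on the repositories.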